CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-28560
https://notcve.org/view.php?id=CVE-2024-28560
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 https://gitee.com/niushop-team/niushop_b2c_v5 https://v5.niuteam.cn https://www.niushop.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28559
https://notcve.org/view.php?id=CVE-2024-28559
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 https://gitee.com/niushop-team/niushop_b2c_v5 https://v5.niuteam.cn https://www.niushop.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-41099
https://notcve.org/view.php?id=CVE-2023-41099
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur. • https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28395
https://notcve.org/view.php?id=CVE-2024-28395
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. • https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28392
https://notcve.org/view.php?id=CVE-2024-28392
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. • https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •