CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-25839
https://notcve.org/view.php?id=CVE-2024-25839
An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25847
https://notcve.org/view.php?id=CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-25844
https://notcve.org/view.php?id=CVE-2024-25844
An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-soflexibilite.md •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-26469
https://notcve.org/view.php?id=CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-918.md •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-24307
https://notcve.org/view.php?id=CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-22.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •