CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30191
https://notcve.org/view.php?id=CVE-2023-30191
PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). • https://friends-of-presta.github.io/security-advisories/modules/2023/05/17/cdesigner-89.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27033
https://notcve.org/view.php?id=CVE-2023-27033
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). • https://addons.prestashop.com/fr/declinaisons-personnalisation/22677-personnalisation-de-produit-product-customize.html https://friends-of-presta.github.io/security-advisories/modules/2023/04/06/cdesigner-CWE434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •