
CVE-2024-34992
https://notcve.org/view.php?id=CVE-2024-34992
24 Jun 2024 — SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()'. • https://security.friendsofpresta.org/modules/2024/06/20/helpdesk.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-34990
https://notcve.org/view.php?id=CVE-2024-34990
19 Jun 2024 — In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-helpdesk.md • CWE-434: Unrestricted Upload of File with Dangerous Type