Vulnerabilities > Joommasters

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-50030 SQL Injection vulnerability in Joommasters Jmssetting
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0.
network
low complexity
joommasters CWE-89
critical
 9.8
9.8
2023-06-06 CVE-2023-29632 SQL Injection vulnerability in Joommasters Jmspagebuilder
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
network
low complexity
joommasters CWE-89
critical
 9.8
9.8
2023-06-05 CVE-2023-29630 SQL Injection vulnerability in Joommasters JMS Drop Mega Menu 1.0.0/2.0.0
PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.
network
low complexity
joommasters CWE-89
critical
 9.8
9.8
2023-06-05 CVE-2023-29631 Unrestricted Upload of File with Dangerous Type vulnerability in Joommasters JMS Slider 1.6.0
PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.
network
low complexity
joommasters CWE-434
critical
 9.8
9.8
2018-02-02 CVE-2018-6581 SQL Injection vulnerability in Joommasters JMS Music 1.1.1
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
network
low complexity
joommasters CWE-89
7.5
7.5