Vulnerabilities > Mypresta
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-46351 | SQL Injection vulnerability in Mypresta Manufacturers (Brands) Images Block In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
| 2023-12-06 | CVE-2023-46353 | SQL Injection vulnerability in Mypresta Product TAG Icons PRO In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
| 2023-10-17 | CVE-2023-45386 | SQL Injection vulnerability in Mypresta Product Extra Tabs PRO In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().' | 9.8 |
| 2021-09-08 | CVE-2021-40814 | SQL Injection vulnerability in Mypresta Customer Photo Gallery The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | 7.5 |
| 2018-11-19 | CVE-2018-19355 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 7.5 |