Vulnerabilities > Myprestamodules

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-46354 Missing Authorization vulnerability in Myprestamodules Orders (Csv, Excel) Export PRO
In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction.
network
low complexity
myprestamodules CWE-862
7.5
7.5
2023-11-27 CVE-2023-46349 SQL Injection vulnerability in Myprestamodules Updateproducts 3.7.6
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection.
network
low complexity
myprestamodules CWE-89
critical
 9.8
9.8
2023-11-22 CVE-2023-46357 SQL Injection vulnerability in Myprestamodules Cross Selling in Modal Cart
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection.
network
low complexity
myprestamodules CWE-89
critical
 9.8
9.8
2023-11-17 CVE-2023-45387 SQL Injection vulnerability in Myprestamodules Exportproducts 4.1.1/5.0.0
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`
network
low complexity
myprestamodules CWE-89
critical
 9.8
9.8
2023-11-15 CVE-2023-40923 SQL Injection vulnerability in Myprestamodules Orders (Csv, Excel) Export
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.
network
low complexity
myprestamodules CWE-89
8.8
8.8
2023-10-25 CVE-2023-46346 Path Traversal vulnerability in Myprestamodules Exportproducts 4.1.1
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
network
low complexity
myprestamodules CWE-22
7.5
7.5
2023-03-31 CVE-2023-26858 SQL Injection vulnerability in Myprestamodules Frequently Asked Questions Page 3.1.6
SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.
network
low complexity
myprestamodules CWE-89
critical
 9.8
9.8