cbcvebase.

Myprestamodules Product Catalog Import vulnerabilities

4 known vulnerabilities affecting myprestamodules/product_catalog_import.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2023-39677P2HIGHCVSS 7.5PoCv6.2.92023-09-20
CVE-2023-39677 [HIGH] CWE-200 CVE-2023-39677: MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
nvd
CVE-2023-39675P3CRITICALCVSS 9.8v6.2.92023-09-20
CVE-2023-39675 [CRITICAL] CWE-89 CVE-2023-39675: SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
nvd
CVE-2024-25847P3CRITICALCVSS 9.8≤ 6.5.02024-03-03
CVE-2024-25847 [CRITICAL] CWE-269 CVE-2024-25847: SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportpr SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.
nvd
CVE-2024-25846P3CRITICALCVSS 9.1≤ 6.7.02024-02-27
CVE-2024-25846 [CRITICAL] CWE-434 CVE-2024-25846: In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModu In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
nvd