Total: 16419 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45387 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | 9.8 Critical |
| In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`. | ||||
| CVE-2023-45386 | 1 Mypresta | 1 Product Extra Tabs Pro | 2024-11-21 | 9.8 Critical |
| In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`. | ||||
| CVE-2023-45381 | 1 Webshopworks | 1 Creativepopup | 2024-11-21 | 9.8 Critical |
| In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`. | ||||
| CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2024-11-21 | 9.8 Critical |
| In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2023-45378 | 1 Hdclic | 1 Prestablog | 2024-11-21 | 9.8 Critical |
| In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | ||||
| CVE-2023-45376 | 1 Hipresta | 1 Carousels Pack | 2024-11-21 | 9.8 Critical |
| In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`. | ||||
| CVE-2023-45375 | 1 01generator | 1 Pireospay | 2024-11-21 | 8.8 High |
| In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`. | ||||
| CVE-2023-45347 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45346 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45345 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45344 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45343 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45342 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45340 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45338 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45336 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45334 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45325 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45323 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-45111 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 9.8 Critical |
| Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||