← Back

Mypresta

mypresta

5 CVEs • 5 products

Products (5)

Click to collapse
Toggle
Customer Files Upload
customer_files_upload
1 CVE
Customer Photo Gallery
customer_photo_gallery
1 CVE
Product Extra Tabs Pro
product_extra_tabs_pro
1 CVE
Product Tag Icons Pro
product_tag_icons_pro
1 CVE
Manufacturers (brands) Images Block
manufacturers_(brands)_images_block
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-46351
1Mypresta
1Manufacturers (brands) Images Block
Jun 20, 2025
Jan 19, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and expl...Show more
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.Show less
CVE-2023-46353
1Mypresta
1Product Tag Icons Pro
Nov 21, 2024
Dec 6, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be exe...Show more
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.Show less
CVE-2023-45386
1Mypresta
1Product Extra Tabs Pro
Nov 21, 2024
Oct 17, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufactur...Show more
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'Show less
CVE-2021-40814
1Mypresta
1Customer Photo Gallery
Nov 21, 2024
Sep 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.
CVE-2018-19355
2Mypresta
Prestashop
2Customer Files Upload
Prestashop
Nov 21, 2024
Nov 19, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.ph...Show more
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).Show less