Myprestamodules

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-28396 1Myprestamodules 1Orders (csv, Excel) Export Pro Jun 17, 2025 Mar 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
CVE-2024-25847 1Myprestamodules 1Product Catalog (csv, Excel) Import May 5, 2025 Mar 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive in...Show more SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.Show less
CVE-2024-25846 2Myprestamodules Simpleimportproduct Project 2Product Catalog (csv, Excel) Import Simpleimportproduct Feb 18, 2026 Feb 27, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
CVE-2023-46354 1Myprestamodules 1Orders (csv, Excel) Export Pro Nov 21, 2024 Dec 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can...Show more In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.Show less
CVE-2023-46349 1Myprestamodules 1Updateproducts Nov 21, 2024 Nov 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive S...Show more In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.Show less
CVE-2023-46357 1Myprestamodules 1Cross Selling In Modal Cart Nov 21, 2024 Nov 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL call...Show more In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.Show less
CVE-2023-45387 1Myprestamodules 1Exportproducts Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`
CVE-2023-40923 1Myprestamodules 2Orders (csv, Excel) Export Orders (csv, Excel) Export Pro Feb 24, 2026 Nov 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.
CVE-2023-46346 1Myprestamodules 1Exportproducts Nov 21, 2024 Oct 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a pat...Show more In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.Show less
CVE-2023-39675 2Myprestamodules Simpleimportproduct Project 2Product Catalog (csv, Excel) Import Simpleimportproduct Feb 18, 2026 Sep 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
CVE-2023-39677 3Myprestamodules Simpleimportproduct ProjectUpdateproducts Project 3Product Catalog (csv, Excel) Import SimpleimportproductUpdateproducts Feb 18, 2026 Sep 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
CVE-2023-26858 1Myprestamodules 1Frequently Asked Questions Page Feb 18, 2025 Mar 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.