In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| prestashop | prestashop | * |
| ai-dev | ailinear | * |
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ai-dev | aicustomfee | * |
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ai-dev | declinaisons_a_la_volee | * |
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ai-dev | ai-table | * |
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ai-dev | aioptimizedcombinations | * |