Security Vulnerabilities - CVEs Published In October 2023
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`
CVSS Score
8.8
EPSS Score
0.878
Published
2023-10-17
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-17
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-17
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
CVSS Score
9.9
EPSS Score
0.003
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.
CVSS Score
2.7
EPSS Score
0.0
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.
CVSS Score
5.0
EPSS Score
0.0
Published
2023-10-17
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-10-17