Joommasters: Security Vulnerabilities
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-19
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-06-06
PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-06-05
PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-05
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.898
Published
2023-03-23
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-02-02