Vulnerabilities (CVE)

Filtered by vendor Webbax Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3031 1 Webbax 1 King-avis 2024-11-21 N/A 4.9 MEDIUM
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15.
CVE-2023-30199 1 Webbax 1 Customexporter 2024-11-21 N/A 7.5 HIGH
Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.
CVE-2023-30198 1 Webbax 1 Winbizpayment 2024-11-21 N/A 7.5 HIGH
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.
CVE-2023-30197 1 Webbax 1 Myinventory 2024-11-21 N/A 7.5 HIGH
Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack.
CVE-2023-30196 1 Webbax 1 Salesbooster 2024-11-21 N/A 7.5 HIGH
Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php.