[CVE-2023-34576] Improper neutralization of SQL parameter in Opart Faq for PrestaShop

In the module “Opart Faq” (opartfaq) up to version 1.0.3 from Opart for PrestaShop, a guest can perform SQL injection in affected versions. Summary CVE ID: CVE-2023-34576 Published at: 2023-09-19 Platform: PrestaShop Product: opartfaq Impacted release: update(‘opartfaq_questions_products’, array( – ‘position’ => $value + ‘position’ => (int) $value – ),’id_product=’.$_POST[‘opartFaqIdProductPos’].’ AND id_opartfaq_questions=’.$key); + ),’id_product=’. (int) $_POST[‘opartFaqIdProductPos’].’…

[CVE-2023-34575] Improper neutralization of SQL parameter in Opart Save Cart for PrestaShop

In the module “Opart Save Cart” (opartsavecart) up to version 2.0.7 from Opart for PrestaShop, a guest can perform SQL injection in affected versions. Summary CVE ID: CVE-2023-34575 Published at: 2023-09-19 Platform: PrestaShop Product: opartsavecart Impacted release: execute($sql); … //check if cart exist for this customer if (Tools::getIsset(‘opartCartId’) && Tools::getValue(‘opartCartId’)) { $idCart = Tools::getValue(‘opartCartId’); -…

[CVE-2023-34577] Improper neutralization of SQL parameter in Opart Planned popup for PrestaShop

In the module “Opart planned popup” (opartplannedpopup) up to version 1.4.11 from Opart for PrestaShop, a guest can perform SQL injection in affected versions. Summary CVE ID: CVE-2023-34577 Published at: 2023-09-19 Platform: PrestaShop Product: opartplannedpopup Impacted release: context->controller) == ‘OrderController’) { if (Tools::getIsset(‘step’)) { $current_step = Tools::getValue(‘step’); } else { $current_step = 0; } -…

USN-6381-1: GNU binutils vulnerabilities

Ubuntu Security Advisory It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow….

USN-6377-1: LibRaw vulnerability

Ubuntu Security Advisory It was discovered that LibRaw incorrectly handled certain photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could possibly cause applications linked against LibRaw to crash, resulting in a denial of service.
