Aggregates CVE and security vulnerability intelligence across all SunnyToo-related products, including CVSS and EPSS scores and publication dates.
Historical issues mainly involve SQL injection and related problems; some flaws may lead to data exposure, affecting software deployments and production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-28388 | SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. | [email protected] | 9.8 | 0.29% | 2024-03-14 | 2025-09-18 |
| CVE-2023-43985 | SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. | [email protected] | 9.8 | 0.14% | 2024-01-19 | 2025-06-16 |
| CVE-2023-46348 | SQL injection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. | [email protected] | 9.8 | 0.41% | 2023-12-14 | 2024-11-21 |