activedesign 相關的公開 CVE 漏洞與安全風險資訊,提供 CVSS、EPSS、公開時間與漏洞情報資料,協助評估潛在風險與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-47308 | In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | [email protected] | 9.8 | 0.70% | 2023-11-14 | 2026-06-17 |
| CVE-2023-39641 | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | [email protected] | 9.8 | 0.67% | 2023-09-14 | 2026-06-17 |