Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack.

PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.