Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop 1.6 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-19594
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
9.8
CVSSv3
CVE-2019-19595
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
7.5
CVSSv3
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
9.8
CVSSv3
CVE-2018-19126
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.
Prestashop Prestashop
1 Github repository
7.5
CVSSv3
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
7.5
CVSSv3
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 up to and including 1.7 allows remote malicious users to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
Prestashop Correos Express
NA
CVE-2014-2008
SQL injection vulnerability in confirm.php in the mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to execute arbitrary SQL commands via the TID parameter.
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.2
Mpay24 Project Mpay24 1.5.0
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.7
1 EDB exploit
NA
CVE-2014-2009
The mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.7
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.2
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.5.0
1 EDB exploit
9.8
CVSSv3
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via...
Ebewe City Autocomplete
9.8
CVSSv3
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started