Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop 1.6 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-19594
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
668
VMScore
CVE-2019-19595
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
570
VMScore
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
668
VMScore
CVE-2018-19126
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.
Prestashop Prestashop
1 Github repository
446
VMScore
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
445
VMScore
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 up to and including 1.7 allows remote malicious users to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
Prestashop Correos Express
755
VMScore
CVE-2014-2008
SQL injection vulnerability in confirm.php in the mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to execute arbitrary SQL commands via the TID parameter.
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.2
Mpay24 Project Mpay24 1.5.0
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.7
1 EDB exploit
505
VMScore
CVE-2014-2009
The mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.7
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.2
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.5.0
1 EDB exploit
NA
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via...
Ebewe City Autocomplete
NA
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started