prestashop prestashop vulnerabilities and exploits
10
CVSSv2
CVE-2020-4074
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Prestashop Prestashop
10
CVSSv2
CVE-2008-5791
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution prior to 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
Prestashop Prestashop 1.0.0.4
Prestashop Prestashop 1.0.0.3
Prestashop Prestashop 0.9.1
Prestashop Prestashop 0.9
Prestashop Prestashop 1.0.0.2
Prestashop Prestashop 1.0.0.1
Prestashop Prestashop 0.8.5.1
Prestashop Prestashop 0.8.5
Prestashop Prestashop
Prestashop Prestashop 1.0.0.5
Prestashop Prestashop 0.9.5
Prestashop Prestashop 0.9.2
Prestashop Prestashop 0.8.2
Prestashop Prestashop 0.8.1
Prestashop Prestashop 0.9.7
Prestashop Prestashop 0.9.6
Prestashop Prestashop 0.8.4
Prestashop Prestashop 0.8.3
9
CVSSv2
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated malicious users to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
Prestashop Prestashop 1.5.5.0
7.5
CVSSv2
CVE-2022-21686
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
Prestashop Prestashop
7.5
CVSSv2
CVE-2021-43789
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop before 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
Prestashop Prestashop
1 Github repository
7.5
CVSSv2
CVE-2021-40814
The Customer Photo Gallery addon prior to 2.9.4 for PrestaShop is vulnerable to SQL injection.
Mypresta Customer Photo Gallery
7.5
CVSSv2
CVE-2021-37538
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop prior to 4.06 allow a remote unauthenticated malicious user to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_...
Smartdatasoft Smartblog
7.5
CVSSv2
CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
Prestashop Prestashop 1.7.7.0
7.5
CVSSv2
CVE-2020-15160
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL injection attack in the Catalog Product edition page with the location parameter. The problem is fixed in 1.7.6.8.
Prestashop Prestashop
7.5
CVSSv2
CVE-2020-15082
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6.
Prestashop Prestashop