Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop 1.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-19594
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
7.5
CVSSv2
CVE-2019-19595
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
NA
CVE-2023-30192
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
Prestashop Possearchproducts 1.7
6.4
CVSSv2
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
7.5
CVSSv2
CVE-2018-19126
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.
Prestashop Prestashop
1 Github repository
6.4
CVSSv2
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
5
CVSSv2
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
7.5
CVSSv2
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 up to and including 1.7) allows remote malicious users to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for uploa...
Prestashop Prestashop
Mypresta Customer Files Upload 2018-08-01
5
CVSSv2
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 up to and including 1.7 allows remote malicious users to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
Prestashop Correos Express
NA
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via...
Ebewe City Autocomplete
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »