Vulmon
prestashop prestashop vulnerabilities and exploits
NA
CVE-2023-36263
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.
Prestashop Opartlimitquantity
NA
CVE-2023-33777
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows malicious users to execute a directory traversal attack.
Prestashop Amazon
570
VMScore
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
Prestashop Productcomments
NA
CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Prestashop Productcomments
580
VMScore
CVE-2022-31101
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workaro...
Prestashop Blockwishlist
4 Github repositories
383
VMScore
CVE-2020-15178
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing malicious users to execute arbitrary JavaScript in a victim'...
Prestashop Contactform
NA
CVE-2023-30192
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
Prestashop Possearchproducts 1.7
NA
CVE-2023-27569
The eo_tags package prior to 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
Prestashop Eo Tags
NA
CVE-2023-27570
The eo_tags package prior to 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
Prestashop Eo Tags
NA
CVE-2023-25206
PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.
Prestashop Advanced Reviews