Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-30153
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote malicious users to execute arbitrary SQL commands via the ajax.php front controller.
Prestashop Payplug
7.5
CVSSv3
CVE-2023-30282
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.
Prestashop Scexportcustomers
8.2
CVSSv3
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
Prestashop Productcomments
8.8
CVSSv3
CVE-2022-31101
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workaro...
Prestashop Blockwishlist
4 Github repositories
9.8
CVSSv3
CVE-2023-30194
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
Prestashop Poststaticfooter
9.3
CVSSv3
CVE-2020-15178
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing malicious users to execute arbitrary JavaScript in a victim'...
Prestashop Contactform
8.8
CVSSv3
CVE-2023-24763
In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.
Prestashop Xen Forum
9.8
CVSSv3
CVE-2023-25207
PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php.
Prestashop Dpd France
9.8
CVSSv3
CVE-2023-27570
The eo_tags package prior to 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
Prestashop Eo Tags
9.8
CVSSv3
CVE-2023-30192
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
Prestashop Possearchproducts 1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »