Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25839
An issue exists in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local malicious users to escalate privileges and obtain sensitive information.
NA
CVE-2024-25842
An issue exists in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote malicious users to escalate privilege and obtain sensitive information via the uploadLogo() and post...
NA
CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows malicious users to escalate privileges and obtain sensitive information via Send::__construct() and import...
NA
CVE-2024-24302
An issue exists in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
NA
CVE-2024-25844
An issue exists in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote malicious users to escalate privileges and obtain sensitive information via debug file.
NA
CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote malicious user to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
NA
CVE-2024-25840
In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
NA
CVE-2024-25841
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.
NA
CVE-2024-25846
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
NA
CVE-2024-25843
In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »