Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25848
In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.
NA
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .
NA
CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to cause a denial of service (DoS) and escalate privileges via the url parameter in the postP...
NA
CVE-2024-24302
An issue exists in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
NA
CVE-2024-25839
An issue exists in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local malicious users to escalate privileges and obtain sensitive information.
NA
CVE-2024-25842
An issue exists in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote malicious users to escalate privilege and obtain sensitive information via the uploadLogo() and post...
NA
CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows malicious users to escalate privileges and obtain sensitive information via Send::__construct() and import...
NA
CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote malicious user to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
NA
CVE-2024-25844
An issue exists in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote malicious users to escalate privileges and obtain sensitive information via debug file.
NA
CVE-2024-25841
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »