Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30545
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `...
Prestashop Prestashop
2 Github repositories
7.5
CVSSv2
CVE-2021-43789
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop before 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
Prestashop Prestashop
1 Github repository
3.5
CVSSv2
CVE-2013-4791
PrestaShop prior to 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
Prestashop Prestashop
3.5
CVSSv2
CVE-2013-4792
PrestaShop prior to 1.4.11 allows logout CSRF.
Prestashop Prestashop
5
CVSSv2
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
NA
CVE-2023-39524
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Prestashop Prestashop
NA
CVE-2023-39525
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch f...
Prestashop Prestashop
NA
CVE-2023-39528
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for thi...
Prestashop Prestashop
NA
CVE-2023-39529
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Prestashop Prestashop
NA
CVE-2023-25170
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same...
Prestashop Prestashop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »