Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-5269
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
Prestashop Prestashop
6.1
CVSSv3
CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in so...
Prestashop Prestashop
6.1
CVSSv3
CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
Prestashop Prestashop
6.1
CVSSv3
CVE-2020-5272
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5
Prestashop Prestashop
6.5
CVSSv3
CVE-2020-5279
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/i...
Prestashop Prestashop
6.1
CVSSv3
CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
Prestashop Prestashop
7.5
CVSSv3
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
7.5
CVSSv3
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
9.8
CVSSv3
CVE-2018-19126
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.
Prestashop Prestashop
1 Github repository
5.3
CVSSv3
CVE-2020-15081
In PrestaShop from version 1.5.0.0 and prior to 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.
Prestashop Prestashop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »