Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
517
VMScore
CVE-2012-5799
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an...
Prestashop Prestashop -
Presto-changeo Canadapost -
517
VMScore
CVE-2012-5800
The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certifi...
Prestashop Prestashop -
Prestashop Ebay Module -
517
VMScore
CVE-2012-5801
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certi...
Prestashop Prestashop -
Prestashop Ebay -
516
VMScore
CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in so...
Prestashop Prestashop
505
VMScore
CVE-2014-2009
The mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.4.7
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.5.0
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.2
1 EDB exploit
505
VMScore
CVE-2011-4545
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
Prestashop Prestashop 1.4.4.1
1 EDB exploit
490
VMScore
CVE-2020-15079
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
Prestashop Prestashop
450
VMScore
CVE-2011-4544
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop prior to 1.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) ...
Prestashop Prestashop 0.9.1
Prestashop Prestashop 0.8.4
Prestashop Prestashop 1.4
Prestashop Prestashop 1.0.0.3
Prestashop Prestashop 0.9.5
Prestashop Prestashop 0.9.7
Prestashop Prestashop 0.9.2
Prestashop Prestashop 1.0.0.2
Prestashop Prestashop 0.8.3
Prestashop Prestashop
Prestashop Prestashop 0.8.1
Prestashop Prestashop 1.0.0.5
Prestashop Prestashop 0.8.5
Prestashop Prestashop 0.9
Prestashop Prestashop 0.8.2
Prestashop Prestashop 1.0.0.4
Prestashop Prestashop 1.0
Prestashop Prestashop 1.1.0.3
Prestashop Prestashop 1.0.0.1
Prestashop Prestashop 0.9.6
Prestashop Prestashop 0.8.5.1
4 EDB exploits
446
VMScore
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »