Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46989
SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local malicious users to execute arbitrary code via the getProducts() function in the productlist.php file.
Innovadeluxe Quick Order
NA
CVE-2023-46353
In the module "Product Tag Icons Pro" (ticons) prior to 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to ...
Mypresta Product Tag Icons Pro
NA
CVE-2023-46354
In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead t...
Myprestamodules Orders \\(csv\\, Excel\\) Export Pro
NA
CVE-2023-48042
Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote malicious users to inject arbitrary JavaScript code.
Communitydeveloper Amazzing Filter
NA
CVE-2023-46349
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial ht...
Myprestamodules Updateproducts
NA
CVE-2023-46355
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access export...
Blmodules Csv Feeds Pro
NA
CVE-2023-48188
SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote malicious user to execute arbitrary code via a crafted script to the getModuleTranslation function.
Store-opart Op\\'art Devis
NA
CVE-2023-46357
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call...
Myprestamodules Cross Selling In Modal Cart
NA
CVE-2023-45377
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Chronopost Chronopost
NA
CVE-2023-45382
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the ...
Common-services Sonice Retour
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »