Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2013-4792
PrestaShop prior to 1.4.11 allows logout CSRF.
Prestashop Prestashop
4.9
CVSSv2
CVE-2020-5250
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all acc...
Prestashop Prestashop
1 Github repository
NA
CVE-2023-30151
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote malicious users to execute arbitrary SQL commands via the `key` GET parameter.
Prestashop Prestashop
4.3
CVSSv2
CVE-2012-20001
PrestaShop prior to 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
Prestashop Prestashop
4.3
CVSSv2
CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
Prestashop Prestashop
5
CVSSv2
CVE-2018-7491
In PrestaShop up to and including 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content...
Prestashop Prestashop
NA
CVE-2023-31672
In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
Prestashop Prestashop
NA
CVE-2023-30545
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `...
Prestashop Prestashop
2 Github repositories
5
CVSSv2
CVE-2020-26224
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.
Prestashop Prestashop
5
CVSSv2
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »