Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-4545
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
Prestashop Prestashop 1.4.4.1
1 EDB exploit
5.4
CVSSv3
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
Prestashop Prestashop 1.7.2.4
9.8
CVSSv3
CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
Prestashop Prestashop 1.7.7.0
NA
CVE-2008-6503
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
Prestashop Prestashop 1.1.0.3
2 EDB exploits
9.8
CVSSv3
CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
Prestashop Prestashop 1.5.5.0
8.8
CVSSv3
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated malicious users to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
Prestashop Prestashop 1.5.5.0
5.4
CVSSv3
CVE-2020-5294
PrestaShop module ps_facetedsearch versions prior to 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
Prestashop Prestashop Socialfollow
5.3
CVSSv3
CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Prestashop Prestashop 1.7.2.4
4.8
CVSSv3
CVE-2020-21967
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote malicious users to run arbitrary code via the add new file page.
Prestashop Prestashop 1.7.6.7
6.1
CVSSv3
CVE-2020-6632
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
Prestashop Prestashop 1.7.6.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »