Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43664
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in com...
Prestashop Prestashop
NA
CVE-2023-34576
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq up to and including 1.0.3 allows remote malicious users to run arbitrary SQL commands via unspedified vector.
Opartfaq Project Opartfaq
NA
CVE-2023-34577
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and previous versions allows remote malicious users to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.
Planned Popup Project Planned Popup
NA
CVE-2023-39675
SimpleImportProduct Prestashop Module v6.2.9 exists to contain a SQL injection vulnerability via the key parameter at send.php.
Simpleimportproduct Project Simpleimportproduct 6.2.9
NA
CVE-2023-34575
SQL injection vulnerability in PrestaShop opartsavecart up to and including 2.0.7 allows remote malicious users to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() m...
Op\\'art Save Cart Project Op\\'art Save Cart
NA
CVE-2023-39677
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
Updateproducts Project Updateproducts 3.6.9
Simpleimportproduct Project Simpleimportproduct 6.2.9
NA
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will ...
Prestashop M4 Pdf
NA
CVE-2022-45447
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits t...
Prestashop M4 Pdf
NA
CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 exists to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
Fieldthemes Fieldpopupnewsletter 1.0.0
NA
CVE-2023-33663
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue.
Ai-dev Aicustomfee
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »