Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
Prestashop Prestashop 1.7.2.4
5.3
CVSSv3
CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Prestashop Prestashop 1.7.2.4
NA
CVE-2012-5799
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an...
Prestashop Prestashop -
Presto-changeo Canadapost -
6.1
CVSSv3
CVE-2019-11876
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing t...
Prestashop Prestashop 1.7.5.2
Drupal Drupal 8.7.0
9.8
CVSSv3
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 up to and including 1.7) allows remote malicious users to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for uploa...
Prestashop Prestashop
Mypresta Customer Files Upload 2018-08-01
9.8
CVSSv3
CVE-2018-8823
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute arbitrary PHP code via the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
9.8
CVSSv3
CVE-2018-8824
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute a SQL Injection through function calls in the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
6.1
CVSSv3
CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Prestashop Productcomments
9.8
CVSSv3
CVE-2023-30153
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote malicious users to execute arbitrary SQL commands via the ajax.php front controller.
Prestashop Payplug
9.8
CVSSv3
CVE-2023-30194
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
Prestashop Poststaticfooter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »