prestashop vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-50061
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().
Store-opart Op'art Easy Redirect
7.5
CVSSv3
CVE-2024-24304
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop prior to 3.5.1, a guest can download technical information without restriction.
Sinch Mailjet
7.5
CVSSv3
CVE-2024-24311
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.
Lineagrafica Multilingual And Multistore Sitemap Pro
9.8
CVSSv3
CVE-2024-24303
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote malicious users to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontCo...
Hipresta Gift Wrapping Pro
9.8
CVSSv3
CVE-2023-46914
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.
Bookingcalendar Project Bookingcalendar
9.8
CVSSv3
CVE-2023-46351
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.
Mypresta Manufacturers (brands) Images Block
9.8
CVSSv3
CVE-2023-50028
In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.
Prestashopmodules Sliding Cart Block
9.8
CVSSv3
CVE-2023-50030
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a ...
Joommasters Jmssetting
5.3
CVSSv3
CVE-2023-48926
An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated malicious users to arbitrarily change an order status.
Prestashop Advanced Loyalty Program
9.1
CVSSv3
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
Prestashow Google Integrator