Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50061
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().
Store-opart Op\\'art Easy Redirect
NA
CVE-2023-46914
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.
Bookingcalendar Project Bookingcalendar
NA
CVE-2024-24303
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote malicious users to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontCo...
Hipresta Gift Wrapping Pro
NA
CVE-2024-24304
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop prior to 3.5.1, a guest can download technical information without restriction.
Sinch Mailjet
NA
CVE-2024-24311
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.
Lineagrafica Multilingual And Multistore Sitemap Pro
NA
CVE-2023-50030
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a ...
Joommasters Jmssetting
NA
CVE-2023-50028
In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.
Prestashopmodules Sliding Cart Block
NA
CVE-2023-46351
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Mypresta Manufacturers \\(brands\\) Images Block
NA
CVE-2023-48926
An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated malicious users to arbitrarily change an order status.
Prestashop Advanced Loyalty Program
NA
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
Prestashow Google Integrator
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »