PrestaShop vulnerabilities and exploits
PrestaShop before 1.4.11 allows logout CSRF....
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php....
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...
PrestaShop 18.104.22.168 has XSS via source-code editing on the "Pages > Edit page" screen....
1 GitHub repository available
In PrestaShop before 22.214.171.124 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer...
PrestaShop before 126.96.36.199 and 1.7.x before 188.8.131.52 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php....
2 EDB exploits available
4 GitHub repositories available
In PrestaShop between versions 184.108.40.206 and 220.127.116.11, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 18.104.22.168....
In PrestaShop from version 22.214.171.124 and before version 126.96.36.199, the dashboard allows rewriting all configuration variables. The problem is fixed in 188.8.131.52...
PrestaShop 1.6.x before 184.108.40.206 and 1.7.x before 220.127.116.11 allows remote attackers to delete an image directory....
2 GitHub repositories available
NULL pointer dereference