Vulmon
prestashop prestashop vulnerabilities and exploits
CVE-2024-25845
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via `MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()`.
CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to cause a denial of service (DoS) and escalate privileges via the url parameter in the postP...
CVE-2024-24302
An issue exists in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
CVE-2024-25839
An issue exists in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local malicious users to escalate privileges and obtain sensitive information.
CVE-2024-25842
An issue exists in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote malicious users to escalate privilege and obtain sensitive information via the uploadLogo() and post...
CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows malicious users to escalate privileges and obtain sensitive information via Send::__construct() and import...
CVE-2024-25844
An issue exists in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote malicious users to escalate privileges and obtain sensitive information via debug file.
CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote malicious user to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
CVE-2024-25840
In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.