Vulmon
prestashop prestashop vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-39526
PrestaShop is an open source e-commerce web application. Versions before 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known w...
Prestashop Prestashop 8.1.0
Prestashop Prestashop
1 Github repository
9.8
CVSSv3
CVE-2023-39524
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Prestashop Prestashop
9.8
CVSSv3
CVE-2023-33493
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop up to and including 2.3.0, allows remote malicious users to upload dangerous files without restrictions.
Ajaxmanager Project Ajaxmanager
9.8
CVSSv3
CVE-2023-26859
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote malicious user to gain privileges via the ajaxOrderTracking.php component.
Brevo Brevo
9.8
CVSSv3
CVE-2023-30153
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote malicious users to execute arbitrary SQL commands via the ajax.php front controller.
Prestashop Payplug
9.8
CVSSv3
CVE-2023-30151
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote malicious users to execute arbitrary SQL commands via the `key` GET parameter.
Prestashop Prestashop
9.8
CVSSv3
CVE-2023-26861
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote malicious user to gain privileges via the vivawallet() module.
Vivawallet Viva Wallet
9.8
CVSSv3
CVE-2023-27845
SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote malicious user to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components.
Kerawen Omnichannel Stocks
9.8
CVSSv3
CVE-2023-31672
In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
Prestashop Prestashop
9.8
CVSSv3
CVE-2023-30150
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
Leotheme Leocustomajax 1.0.0