Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop prestashop 1.6 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-19594
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
7.5
CVSSv2
CVE-2019-19595
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote malicious users to execute arbitrary code by uploading a .php file.
Adobe Stock Api Integration 4.8
Prestashop Prestashop 1.6
Prestashop Prestashop 1.7
7.5
CVSSv2
CVE-2018-19126
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.
Prestashop Prestashop
1 Github repository
7.5
CVSSv2
CVE-2014-2008
SQL injection vulnerability in confirm.php in the mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to execute arbitrary SQL commands via the TID parameter.
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.4.7
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.5.0
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.2
1 EDB exploit
6.4
CVSSv2
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
5
CVSSv2
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 up to and including 1.7 allows remote malicious users to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
Prestashop Correos Express
5
CVSSv2
CVE-2018-19124
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 on Windows allows remote malicious users to write to arbitrary image files.
Prestashop Prestashop
5
CVSSv2
CVE-2014-2009
The mPAY24 payment module prior to 1.6 for PrestaShop allows remote malicious users to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Mpay24 Project Mpay24 1.4.0
Mpay24 Project Mpay24 1.4.3
Mpay24 Project Mpay24 1.4.6
Mpay24 Project Mpay24 1.4.1
Mpay24 Project Mpay24 1.4.9
Mpay24 Project Mpay24 1.4.7
Mpay24 Project Mpay24 1.4.4
Mpay24 Project Mpay24
Mpay24 Project Mpay24 1.4.8
Mpay24 Project Mpay24 1.5.0
Mpay24 Project Mpay24 1.4.5
Mpay24 Project Mpay24 1.4.2
1 EDB exploit
NA
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via...
Ebewe City Autocomplete
NA
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started