Prestashop

Prestashop

100 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.9

CVE-2023-30838

  • EPSS 0.52%
  • Published 25.04.2023 19:15:11
  • Last modified 21.11.2024 08:00:56

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the prese...

6.5

CVE-2023-30545

  • EPSS 0.45%
  • Published 25.04.2023 18:15:09
  • Last modified 21.11.2024 08:00:23

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL ...

8.8

CVE-2023-25170

  • EPSS 0.03%
  • Published 13.03.2023 17:15:12
  • Last modified 21.11.2024 07:49:14

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon...

4.3

CVE-2022-46158

  • EPSS 0.2%
  • Published 08.12.2022 22:15:10
  • Last modified 21.11.2024 07:30:13

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue ...

9.8

CVE-2022-31181

  • EPSS 13.27%
  • Published 01.08.2022 20:15:08
  • Last modified 21.11.2024 07:04:04

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version...

4.8

CVE-2020-21967

Exploit
  • EPSS 0.17%
  • Published 13.07.2022 20:15:08
  • Last modified 21.11.2024 05:12:58

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

9.8

CVE-2022-21686

  • EPSS 0.63%
  • Published 26.01.2022 20:15:07
  • Last modified 21.11.2024 06:45:13

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. The...

6.1

CVE-2012-20001

  • EPSS 0.4%
  • Published 21.12.2021 16:15:08
  • Last modified 21.11.2024 01:38:16

PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.

9.8

CVE-2021-43789

  • EPSS 10.07%
  • Published 07.12.2021 17:15:10
  • Last modified 21.11.2024 06:29:47

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

5.4

CVE-2021-21398

  • EPSS 0.26%
  • Published 30.03.2021 16:15:15
  • Last modified 21.11.2024 05:48:16

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3