CVE-2024-34991
- EPSS 0.27%
- Published 24.06.2024 22:15:10
- Last modified 15.04.2026 00:35:42
In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control.
CVE-2024-34989
- EPSS 0.12%
- Published 21.06.2024 22:15:10
- Last modified 15.04.2026 00:35:42
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb()`.
CVE-2024-34994
- EPSS 0.22%
- Published 19.06.2024 21:15:57
- Last modified 15.04.2026 00:35:42
In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.
CVE-2024-36677
- EPSS 0.42%
- Published 19.06.2024 21:15:57
- Last modified 15.04.2026 00:35:42
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access a direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is ...
CVE-2024-34716
- EPSS 36.67%
- Published 14.05.2024 16:17:28
- Last modified 21.01.2025 16:06:58
PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When ...
CVE-2024-34717
- EPSS 0.4%
- Published 14.05.2024 16:17:28
- Last modified 21.01.2025 16:04:37
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known w...
CVE-2024-33270
- EPSS 0.29%
- Published 30.04.2024 15:15:53
- Last modified 15.04.2026 00:35:42
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
CVE-2024-33272
- EPSS 0.04%
- Published 29.04.2024 20:15:08
- Last modified 15.04.2026 00:35:42
SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts(...
CVE-2024-33276
- EPSS 1.01%
- Published 29.04.2024 20:15:08
- Last modified 15.04.2026 00:35:42
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method.
CVE-2024-25845
- EPSS 0.11%
- Published 08.03.2024 02:15:50
- Last modified 05.05.2025 15:02:24
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.