Prestashop

Prestashop

105 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.26%
  • Veröffentlicht 12.08.2024 17:15:17
  • Zuletzt bearbeitet 09.10.2024 18:15:05

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack ne...

  • EPSS 0.38%
  • Veröffentlicht 24.06.2024 22:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control.

  • EPSS 0.49%
  • Veröffentlicht 21.06.2024 22:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'

  • EPSS 0.41%
  • Veröffentlicht 19.06.2024 21:15:57
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.

  • EPSS 0.38%
  • Veröffentlicht 19.06.2024 21:15:57
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is ...

  • EPSS 56.17%
  • Veröffentlicht 14.05.2024 16:17:28
  • Zuletzt bearbeitet 21.01.2025 16:06:58

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When ...

  • EPSS 0.52%
  • Veröffentlicht 14.05.2024 16:17:28
  • Zuletzt bearbeitet 21.01.2025 16:04:37

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known w...

  • EPSS 0.59%
  • Veröffentlicht 30.04.2024 15:15:53
  • Zuletzt bearbeitet 09.07.2026 01:19:02

An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.

  • EPSS 0.39%
  • Veröffentlicht 29.04.2024 20:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts(...

  • EPSS 0.6%
  • Veröffentlicht 29.04.2024 20:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method.