CVE-2024-34717
- EPSS 0.53%
- Published 14.05.2024 16:17:28
- Last modified 21.01.2025 16:04:37
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from the front office in anonymous mode by supplying a random secure_key parameter in the URL. This issue is patched in version 8.1.6. No known w...
CVE-2024-34716
- EPSS 36.67%
- Published 14.05.2024 16:17:28
- Last modified 21.01.2025 16:06:58
PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When ...
CVE-2024-33270
- EPSS 0.29%
- Published 30.04.2024 15:15:53
- Last modified 21.11.2024 09:16:43
An issue in FME Modules fileuploads v.2.0.3 and before, fixed in v2.0.4, allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
CVE-2024-33276
- EPSS 0.58%
- Published 29.04.2024 20:15:08
- Last modified 21.11.2024 09:16:45
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method.
CVE-2024-33272
- EPSS 0.04%
- Published 29.04.2024 20:15:08
- Last modified 21.11.2024 09:16:44
SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts(...
CVE-2024-25845
- EPSS 0.08%
- Published 08.03.2024 02:15:50
- Last modified 05.05.2025 15:02:24
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
CVE-2024-26469
- EPSS 0.36%
- Published 03.03.2024 10:15:06
- Last modified 13.05.2025 14:22:16
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url paramete...
CVE-2024-26129
- EPSS 0.39%
- Published 19.02.2024 22:15:49
- Last modified 17.01.2025 15:44:18
PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.
CVE-2024-21628
- EPSS 0.29%
- Published 02.01.2024 22:15:09
- Last modified 21.11.2024 08:54:45
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not...
CVE-2024-21627
- EPSS 0.73%
- Published 02.01.2024 21:15:10
- Last modified 21.11.2024 08:54:45
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versi...