Prestashop

Prestashop

104 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2023-39529

  • EPSS 0.86%
  • Veröffentlicht 07.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no ...

9.1

CVE-2023-39530

  • EPSS 0.93%
  • Veröffentlicht 07.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

9.8

CVE-2023-39524

  • EPSS 0.43%
  • Veröffentlicht 07.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

9.9

CVE-2023-30838

  • EPSS 1.38%
  • Veröffentlicht 25.04.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:00:56

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the prese...

8.8

CVE-2023-30839

  • EPSS 4.59%
  • Veröffentlicht 25.04.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:00:56

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7...

6.5

CVE-2023-30545

  • EPSS 0.77%
  • Veröffentlicht 25.04.2023 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:00:23

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL ...

8.8

CVE-2023-25170

  • EPSS 0.14%
  • Veröffentlicht 13.03.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 07:49:14

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon...

4.3

CVE-2022-46158

  • EPSS 0.07%
  • Veröffentlicht 08.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:30:13

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue ...

9.8

CVE-2022-31181

  • EPSS 78.27%
  • Veröffentlicht 01.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:04

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version...

4.8

CVE-2020-21967

Exploit
  • EPSS 0.17%
  • Veröffentlicht 13.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:12:58

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.