Prestashop

Prestashop

105 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.63%
  • Veröffentlicht 07.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version ...

  • EPSS 0.6%
  • Veröffentlicht 07.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no ...

  • EPSS 0.74%
  • Veröffentlicht 07.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

  • EPSS 0.55%
  • Veröffentlicht 07.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:15:36

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

  • EPSS 1.04%
  • Veröffentlicht 25.04.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:00:56

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the prese...

  • EPSS 1.69%
  • Veröffentlicht 25.04.2023 19:15:11
  • Zuletzt bearbeitet 21.11.2024 08:00:56

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7...

  • EPSS 0.86%
  • Veröffentlicht 25.04.2023 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:00:23

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL ...

  • EPSS 0.22%
  • Veröffentlicht 13.03.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 07:49:14

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon...

  • EPSS 0.46%
  • Veröffentlicht 08.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:30:13

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue ...

  • EPSS 5.17%
  • Veröffentlicht 01.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:04

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version...