Prestashop

Prestashop

105 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4%
  • Veröffentlicht 05.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:00

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

Exploit
  • EPSS 4%
  • Veröffentlicht 05.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:01

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Exploit
  • EPSS 1.68%
  • Veröffentlicht 09.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:56

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak...

Exploit
  • EPSS 0.89%
  • Veröffentlicht 24.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:56

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and ...

Exploit
  • EPSS 2.71%
  • Veröffentlicht 15.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:01

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the...

Exploit
  • EPSS 3.5%
  • Veröffentlicht 19.11.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:47

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to produc...

  • EPSS 2.89%
  • Veröffentlicht 09.11.2018 11:29:03
  • Zuletzt bearbeitet 21.11.2024 03:57:22

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.

Exploit
  • EPSS 10.76%
  • Veröffentlicht 09.11.2018 11:29:03
  • Zuletzt bearbeitet 21.11.2024 03:57:22

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

Exploit
  • EPSS 22.54%
  • Veröffentlicht 09.11.2018 11:29:03
  • Zuletzt bearbeitet 21.11.2024 03:57:22

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

Exploit
  • EPSS 16.67%
  • Veröffentlicht 09.07.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:58

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.