VYPR

Prestashop

by Prestashop


CVEs (93)

  • CVE-2018-8823 | Critical | Mar 28, 2018
    risk 0.68 | cvss 9.8 | epss 0.52

    modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.

  • CVE-2018-10942 | Critical | May 10, 2018
    risk 0.65 | cvss 9.8 | epss 0.13

    modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.

  • CVE-2018-8824 | Critical | May 10, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.

  • CVE-2026-44212 | Critical | May 14, 2026
    risk 0.53 | cvss 9.3 | epss 0.00

    PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious…

  • CVE-2026-33673 | High | Mar 26, 2026
    risk 0.42 | cvss 7.6 | epss 0.00

    PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously…

  • CVE-2018-5682 | Medium | Jan 13, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.

  • CVE-2018-5681 | Medium | Jan 13, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.

  • CVE-2025-1230 | Medium | Feb 12, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query…

  • CVE-2026-33674 | Low | Mar 26, 2026
    risk 0.06 | cvss 2.0 | epss 0.00

    PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

  • CVE-2021-3110 | Jan 20, 2021
    risk 0.06 | cvss | epss 0.21

    The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

  • CVE-2018-19126 | Nov 9, 2018
    risk 0.05 | cvss | epss 0.23

    PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

  • CVE-2018-19125 | Nov 9, 2018
    risk 0.04 | cvss | epss 0.11

    PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

  • CVE-2018-13784 | Critical | Jul 9, 2018
    risk 0.04 | cvss 9.1 | epss 0.17

    PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

  • CVE-2024-41651 | Aug 12, 2024
    risk 0.03 | cvss | epss 0.01

    An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an…

  • CVE-2012-2517 | Feb 11, 2020
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.

  • CVE-2011-4545 | Dec 2, 2011
    risk 0.03 | cvss | epss 0.04

    CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

  • CVE-2011-4544 | Dec 1, 2011
    risk 0.03 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville,…

  • CVE-2008-6503 | Mar 20, 2009
    risk 0.03 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

  • CVE-2018-19355 | Nov 19, 2018
    risk 0.01 | cvss | epss 0.04

    modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations…

  • CVE-2026-25597 | Feb 6, 2026
    risk 0.00 | cvss | epss 0.00

    PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in…
