VYPR

Prestashop

by Prestashop

Source repositories

CVEs (93)

  • CVE-2023-30838Apr 25, 2023
    risk 0.00cvss epss 0.01

    PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes`…

  • CVE-2023-30545Apr 25, 2023
    risk 0.00cvss epss 0.01

    PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a…

  • CVE-2023-25170Mar 13, 2023
    risk 0.00cvss epss 0.00

    PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable…

  • CVE-2023-23315Mar 1, 2023
    risk 0.00cvss epss 0.01

    The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a…

  • CVE-2022-46158Dec 8, 2022
    risk 0.00cvss epss 0.00

    PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users…

  • CVE-2022-31181Aug 1, 2022
    risk 0.00cvss epss 0.05

    PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised…

  • CVE-2020-21967Jul 13, 2022
    risk 0.00cvss epss 0.01

    File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

  • CVE-2022-21686Jan 26, 2022
    risk 0.00cvss epss 0.02

    PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

  • CVE-2021-43789Dec 7, 2021
    risk 0.00cvss epss 0.04

    PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

  • CVE-2021-21398Mar 30, 2021
    risk 0.00cvss epss 0.01

    PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3

  • CVE-2021-21308Feb 26, 2021
    risk 0.00cvss epss 0.01

    PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

  • CVE-2021-21302Feb 26, 2021
    risk 0.00cvss epss 0.01

    PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

  • CVE-2020-26224Nov 16, 2020
    risk 0.00cvss epss 0.02

    In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.

  • CVE-2020-15162Sep 24, 2020
    risk 0.00cvss epss 0.01

    In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

  • CVE-2020-15160Sep 24, 2020
    risk 0.00cvss epss 0.11

    PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8

  • CVE-2020-15161Sep 24, 2020
    risk 0.00cvss epss 0.01

    In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

  • CVE-2020-4074Jul 2, 2020
    risk 0.00cvss epss 0.02

    In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

  • CVE-2020-15082Jul 2, 2020
    risk 0.00cvss epss 0.01

    In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6

  • CVE-2020-15083Jul 2, 2020
    risk 0.00cvss epss 0.01

    In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6

  • CVE-2020-11074Jul 2, 2020
    risk 0.00cvss epss 0.01

    In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.