Filtered by vendor Prestashop
Subscriptions
Total
122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21686 | 1 Prestashop | 1 Prestashop | 2025-04-23 | 9 Critical |
| PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. | ||||
| CVE-2022-31181 | 1 Prestashop | 1 Prestashop | 2025-04-23 | 9.8 Critical |
| PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. | ||||
| CVE-2022-35933 | 1 Prestashop | 1 Productcomments | 2025-04-23 | 6.1 Medium |
| This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. | ||||
| CVE-2022-46158 | 1 Prestashop | 1 Prestashop | 2025-04-23 | 5.3 Medium |
| PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue. | ||||
| CVE-2022-31101 | 1 Prestashop | 1 Blockwishlist | 2025-04-22 | 8.1 High |
| prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2015-1175 | 1 Prestashop | 1 Prestashop | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. | ||||
| CVE-2012-6641 | 1 Prestashop | 1 Prestashop | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values." | ||||
| CVE-2011-4544 | 1 Prestashop | 1 Prestashop | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php. | ||||
| CVE-2011-3796 | 1 Prestashop | 1 Prestashop | 2025-04-11 | N/A |
| PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. | ||||
| CVE-2011-4545 | 1 Prestashop | 1 Prestashop | 2025-04-11 | N/A |
| CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. | ||||
| CVE-2012-5801 | 1 Prestashop | 2 Ebay, Prestashop | 2025-04-11 | N/A |
| The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | ||||
| CVE-2012-5800 | 1 Prestashop | 2 Ebay Module, Prestashop | 2025-04-11 | N/A |
| The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5799 | 2 Prestashop, Presto-changeo | 2 Prestashop, Canadapost | 2025-04-11 | N/A |
| The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | ||||
| CVE-2008-5791 | 1 Prestashop | 1 Prestashop | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components. | ||||
| CVE-2008-6503 | 1 Prestashop | 1 Prestashop | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php. | ||||
| CVE-2023-24763 | 1 Prestashop | 1 Xen Forum | 2025-03-07 | 8.8 High |
| In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | ||||
| CVE-2023-25207 | 1 Prestashop | 1 Dpd France | 2025-03-03 | 9.8 Critical |
| PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php. | ||||
| CVE-2023-25206 | 1 Prestashop | 1 Advanced Reviews | 2025-02-27 | 8.8 High |
| PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. | ||||
| CVE-2023-27569 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | ||||
| CVE-2023-27570 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | ||||