EUVD-2023-34581

Malicious code in bioql PyPI...

CVE-2024-24308

SQL Injection vulnerability in Boostmyshop boostmyshopagent module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php...

CVE-2023-46914

SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via icsexport.php...

CVE-2023-30153

An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...

PrestaShop 代码问题漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A code issue vulnerability exists in PrestaShop v.8.1.7 and prior versions, which stems from a vulnerability that...

PT-2024-29497 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 6.4.2 PrestaShop 1.6 versions prior to 3.18.1 Description: A logical weakness in the "PayPal Official" module for PrestaShop can be exploited by a malicious customer to confirm an order even if the payment is...

PT-2024-21958 · Prestashop · Apaczka Plugin

Name of the Vulnerable Software and Affected Versions: Apaczka plugin for PrestaShop versions v1 through v4 Description: The issue is related to improper access control in the Apaczka plugin for PrestaShop, allowing unauthorized information gathering from saved templates without the need for...

PT-2024-20350 · Prestashop · Ecomiz Survey Tma Module

Name of the Vulnerable Software and Affected Versions: Ecomiz Survey TMA module for PrestaShop versions up to 2.0.0 Description: A guest can download personal information without restriction in the affected module. Recommendations: For versions up to 2.0.0, update to a version later than 2.0.0 to...

PT-2024-21289 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions 8.1.0 through 8.1.3 Description: The issue concerns path disclosure in a JavaScript variable. A patch is available to resolve this problem. Recommendations: For PrestaShop versions 8.1.0 through 8.1.3, update to version...

PT-2023-29533 · Prestashop +1 · Carousels Pack +1

Name of the Vulnerable Software and Affected Versions: Carousels Pack - Instagram, Products, Brands, Supplier hicarouselspack for PrestaShop versions up to 1.5.0 Description: A guest can perform SQL injection via the HiCpProductGetter::getViewedProduct function. This issue allows for potential da...

PT-2023-21999 · Prestashop · Shoppingfeed Prestashop

Name of the Vulnerable Software and Affected Versions: Shoppingfeed PrestaShop versions 1.4.0 through 1.8.2 Description: The Shoppingfeed PrestaShop module is vulnerable to SQL injection due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Recommendations: For...

CVE-2020-12120

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...