207 matches found
Prestashop posstaticfooter <= 1.0.0 - SQL Injection
Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook. id: CVE-2023-30194 info: name: Prestashop posstaticfooter = 1.0.0 - SQL Injection author: daffainfo severity: critical description: | Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL...
CVE-2026-39079
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php components...
Cross-site Scripting (XSS)
Overview: prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Customer Service view process. An attacker can...
EUVD-2026-16441
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
Improper Use of Validation Framework
Overview: prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Improper Use of Validation Framework in the validation framework. An attacker can...
CVE-2023-25206
PrestaShop wsproductreviews 3.6.2 is vulnerable to SQL Injection...
CVE-2023-45382
In the module "SoNice Retour" (soniceretour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a gues...
CVE-2023-45377
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The PHP script cancelSkybill.php has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
CVE-2023-31672
In the PrestaShop 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability...
CVE-2019-11876
In PrestaShop 1.7.5.2, the shopcountry parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link...
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...
CVE-2023-43663
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even with low user rights. This allows low-privileged users to disable portions of a shop's functionality. Commit ce1f6708 addresses this issue and is included i...
CVE-2022-31181
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
CVE-2024-41670
In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...
EUVD-2020-3442
Malware in sbrugna...
EUVD-2020-26475
Malware in sbrugna...
EUVD-2013-6121
Malware in sbrugna...
EUVD-2020-26462
Malware in sbrugna...
EUVD-2019-4932
Malware in sbrugna...
EUVD-2018-10837
Malware in sbrugna...