Lucene search
K

2762 matches found

NVD
NVD
added yesterday4 views

CVE-2026-14846

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-14846

CVE-2026-14846 affects PrestaShop version 8.2.1. The flaw arises from incorrect sanitisation due to inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This allows an attacker to inject malicious expressions that are executed when exporting data with the ‘Get my ...

4.5CVSS6.1AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-14846 Incorrect neutralisation in the PrestaShop firmware

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday72 views

PrestaShop Product Comments <4.2.0 - SQL Injection

PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative...

8.2CVSS7AI score0.12388EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday36 views

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

5.3CVSS6.2AI score0.01648EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday54 views

PrestaShop `tshirtecommerce` Module - SQL Injection

The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. id: CVE-2023-27637 info: name: PrestaShop tshirtecommerce Module - SQL...

9.8CVSS7.2AI score0.03299EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday39 views

tshirtecommerce PrestaShop Module - SQL Injection

The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the tshirtecommercedesigncartid parameter, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. This is due to lack of input sanitization, as shown in t...

9.8CVSS7.2AI score0.03299EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday44 views

Prestashop posstaticfooter <= 1.0.0 - SQL Injection

Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook. id: CVE-2023-30194 info: name: Prestashop posstaticfooter = 1.0.0 - SQL Injection author: daffainfo severity: critical description: | Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL...

9.8CVSS7.1AI score0.32413EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

PrestaShop fieldpopupnewsletter Module - Cross Site Scripting

Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback parameter at ajax.php. id: CVE-2023-39676 info: name: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting author: meme-lord severity: medium...

6.1CVSS6.4AI score0.01343EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday87 views

PrestaShop Theme Volty CMS Blog - SQL Injection

In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...

9.8CVSS7AI score0.03631EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday129 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7AI score0.03551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday192 views

PrestaShop AdvancedPopupCreator - SQL Injection

In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...

9.8CVSS7AI score0.0304EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday143 views

PrestaShop tshirtecommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27640 info: name: PrestaShop tshirtecommerce...

7.5CVSS7AI score0.03573EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday44 views

PrestaShop 'possearchproducts' <= 1.7 - SQL Injection

In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...

9.8CVSS7AI score0.02678EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday62 views

PrestaShop productsalert - SQL Injection

In the module 'Products Alert' productsalert up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho severity: critical description: | In the module...

7.3CVSS6.1AI score0.00963EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday79 views

PrestaShop MyPrestaModules - PhpInfo Disclosure

PrestaShop modules by MyPrestaModules expose PHPInfo id: CVE-2023-39677 info: name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: high description: | PrestaShop modules by MyPrestaModules expose PHPInfo remediation: | Apply the latest security patches and updates fro...

7.5CVSS7AI score0.30806EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday154 views

PrestaShop Step by Step products Pack - SQL Injection

In the module “Step by Step products Pack” ndksteppingpack up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-46347 info: name: PrestaShop Step by Step products Pack - SQL Injection author: MaStErChO severity: critical description: | I...

9.8CVSS7AI score0.49885EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday105 views

PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection blind via the sbcategory parameter. id: CVE-2021-36748 info: name: PrestaHome Blog for PrestaShop 1.7.8 - SQL Injection author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to versio...

7.5CVSS7AI score0.15415EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday90 views

PrestaShop PireosPay - SQL Injection

In the module “PireosPay” pireospay up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-45375 info: name: PrestaShop PireosPay - SQL Injection author: MaStErChO severity: high description: | In the module “PireosPay”...

8.8CVSS7AI score0.38457EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday191 views

Prestashop AttributeWizardPro Module - Arbitrary File Upload

In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file. id: CVE-2018-10942 info: name: Prestashop AttributeWizardPro Module - Arbitrary File Upload author: MaStErChO severity: critical description: | In the Attribute Wizard add...

9.8CVSS7.3AI score0.12744EPSS
Exploits1References3
Rows per page
Query Builder