Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2013-6358 | Unrestricted Upload of File with Dangerous Type vulnerability in Prestashop 1.5.5.0 PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | 8.8 |
| 2020-01-09 | CVE-2020-6632 | Cross-site Scripting vulnerability in Prestashop 1.7.6.2 In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. | 6.1 |
| 2019-12-05 | CVE-2019-19595 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file. | 9.8 |
| 2019-12-05 | CVE-2019-19594 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. | 9.8 |
| 2019-07-09 | CVE-2019-13461 | Authorization Bypass Through User-Controlled Key vulnerability in Prestashop In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. | 7.5 |
| 2019-05-24 | CVE-2019-11876 | Cross-site Scripting vulnerability in multiple products In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. | 6.1 |
| 2019-01-15 | CVE-2018-20717 | Code Injection vulnerability in Prestashop In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. | 8.8 |
| 2018-11-19 | CVE-2018-19355 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 9.8 |
| 2018-11-09 | CVE-2018-19126 | Unrestricted Upload of File with Dangerous Type vulnerability in Prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. | 9.8 |
| 2018-11-09 | CVE-2018-19125 | Unspecified vulnerability in Prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. | 7.5 |