Vulnerabilities > Prestashop

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-30153 SQL Injection vulnerability in Prestashop Payplug
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-07-13 CVE-2023-30151 SQL Injection vulnerability in Prestashop
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-06-15 CVE-2023-31672 SQL Injection vulnerability in Prestashop
In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-05-12 CVE-2023-30192 SQL Injection vulnerability in Prestashop Possearchproducts 1.7
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-05-10 CVE-2023-30194 SQL Injection vulnerability in Prestashop Poststaticfooter
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-05-04 CVE-2023-30282 Unspecified vulnerability in Prestashop Scexportcustomers
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control.
network
low complexity
prestashop
7.5
7.5
2023-04-25 CVE-2023-30838 Cross-site Scripting vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop CWE-79
critical
 9.9
9.9
2023-04-25 CVE-2023-30839 SQL Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop CWE-89
8.8
8.8
2023-04-25 CVE-2023-30545 SQL Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop CWE-89
6.5
6.5
2023-03-21 CVE-2023-27569 SQL Injection vulnerability in Prestashop EO Tags
The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8