Vulnerabilities > Prestashop

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2023-27570 SQL Injection vulnerability in Prestashop EO Tags
The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
network
low complexity
prestashop CWE-89
critical
9.8
2023-03-14 CVE-2023-25206 SQL Injection vulnerability in Prestashop Advanced Reviews
PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.
network
low complexity
prestashop CWE-89
8.8
2023-03-13 CVE-2023-25207 SQL Injection vulnerability in Prestashop DPD France
PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php.
network
low complexity
prestashop CWE-89
critical
9.8
2023-03-13 CVE-2023-25170 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF).
network
low complexity
prestashop
8.8
2023-03-06 CVE-2023-24763 SQL Injection vulnerability in Prestashop XEN Forum
In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.
network
low complexity
prestashop CWE-89
8.8
2022-12-08 CVE-2022-46158 Missing Authorization vulnerability in Prestashop
PrestaShop is an open-source e-commerce solution.
network
low complexity
prestashop CWE-862
4.3
2022-09-02 CVE-2022-35933 Cross-site Scripting vulnerability in Prestashop Productcomments
This package is a PrestaShop module that allows users to post reviews and rate products.
network
low complexity
prestashop CWE-79
6.1
2022-08-01 CVE-2022-31181 SQL Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce platform.
network
low complexity
prestashop CWE-89
critical
9.8
2022-07-13 CVE-2020-21967 Cross-site Scripting vulnerability in Prestashop 1.7.6.7
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.
network
low complexity
prestashop CWE-79
4.8
2022-06-27 CVE-2022-31101 Unspecified vulnerability in Prestashop Blockwishlist 2.0.0/2.0.1/2.1.0
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists.
network
low complexity
prestashop
8.8