Vulnerabilities > Prestashop > Prestashop > 1.4.0.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-07 | CVE-2023-39524 | SQL Injection vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.8 |
2023-07-13 | CVE-2023-30151 | SQL Injection vulnerability in Prestashop A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | 9.8 |
2023-06-15 | CVE-2023-31672 | SQL Injection vulnerability in Prestashop In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability. | 9.8 |
2023-04-25 | CVE-2023-30838 | Cross-site Scripting vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 9.9 |
2023-04-25 | CVE-2023-30839 | SQL Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 8.8 |
2023-04-25 | CVE-2023-30545 | SQL Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 6.5 |
2023-03-13 | CVE-2023-25170 | Cross-Site Request Forgery (CSRF) vulnerability in Prestashop PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). | 8.8 |
2022-12-08 | CVE-2022-46158 | Missing Authorization vulnerability in Prestashop PrestaShop is an open-source e-commerce solution. | 4.3 |
2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 4.3 |
2020-11-16 | CVE-2020-26224 | Unspecified vulnerability in Prestashop In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. | 5.0 |