Vulnerabilities > Prestashop > Prestashop > 1.4.11.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-26224 | Unspecified vulnerability in Prestashop In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. | 7.5 |
| 2019-07-09 | CVE-2019-13461 | Authorization Bypass Through User-Controlled Key vulnerability in Prestashop In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. | 7.5 |
| 2019-01-15 | CVE-2018-20717 | Code Injection vulnerability in Prestashop In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. | 8.8 |
| 2018-07-09 | CVE-2018-13784 | Unspecified vulnerability in Prestashop PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. | 9.1 |
| 2018-02-26 | CVE-2018-7491 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Prestashop In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | 7.5 |