Vulnerabilities > Prestashop > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-19 CVE-2024-36684 SQL Injection vulnerability in Prestashop PK Customlinks
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection.
network
low complexity
prestashop CWE-89
critical
9.8
2023-10-31 CVE-2023-36263 SQL Injection vulnerability in Prestashop Opartlimitquantity 1.4.5
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection.
network
low complexity
prestashop CWE-89
critical
9.8
2023-08-07 CVE-2023-39525 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
critical
9.1
2023-08-07 CVE-2023-39526 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
critical
9.8
2023-08-07 CVE-2023-39529 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
critical
9.1
2023-08-07 CVE-2023-39530 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
critical
9.1
2023-08-07 CVE-2023-39524 Unspecified vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop
critical
9.8
2023-07-18 CVE-2023-30153 SQL Injection vulnerability in Prestashop Payplug
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
network
low complexity
prestashop CWE-89
critical
9.8
2023-07-13 CVE-2023-30151 SQL Injection vulnerability in Prestashop
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.
network
low complexity
prestashop CWE-89
critical
9.8
2023-06-15 CVE-2023-31672 SQL Injection vulnerability in Prestashop
In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
network
low complexity
prestashop CWE-89
critical
9.8