Vulnerabilities > Prestashop > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-19 | CVE-2024-36684 | SQL Injection vulnerability in Prestashop PK Customlinks In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
| 2023-10-31 | CVE-2023-36263 | SQL Injection vulnerability in Prestashop Opartlimitquantity 1.4.5 Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. | 9.8 |
| 2023-08-07 | CVE-2023-39525 | Path Traversal vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
| 2023-08-07 | CVE-2023-39526 | SQL Injection vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.8 |
| 2023-08-07 | CVE-2023-39529 | Unspecified vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
| 2023-08-07 | CVE-2023-39530 | Improper Input Validation vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.1 |
| 2023-08-07 | CVE-2023-39524 | SQL Injection vulnerability in Prestashop PrestaShop is an open source e-commerce web application. | 9.8 |
| 2023-07-18 | CVE-2023-30153 | SQL Injection vulnerability in Prestashop Payplug An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | 9.8 |
| 2023-07-13 | CVE-2023-30151 | SQL Injection vulnerability in Prestashop A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | 9.8 |
| 2023-06-15 | CVE-2023-31672 | SQL Injection vulnerability in Prestashop In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability. | 9.8 |