Vulnerabilities > Prestashop > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-30192 SQL Injection vulnerability in Prestashop Possearchproducts 1.7
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-05-10 CVE-2023-30194 SQL Injection vulnerability in Prestashop Poststaticfooter
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-04-25 CVE-2023-30838 Cross-site Scripting vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop CWE-79
critical
 9.9
9.9
2023-03-21 CVE-2023-27569 SQL Injection vulnerability in Prestashop EO Tags
The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-03-21 CVE-2023-27570 SQL Injection vulnerability in Prestashop EO Tags
The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-03-13 CVE-2023-25207 SQL Injection vulnerability in Prestashop DPD France
PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2021-01-20 CVE-2021-3110 SQL Injection vulnerability in Prestashop 1.7.7.0
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2020-07-02 CVE-2020-4074 Improper Authentication vulnerability in Prestashop
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands.
network
low complexity
prestashop CWE-287
critical
 9.8
9.8
2020-01-23 CVE-2013-6358 Unrestricted Upload of File with Dangerous Type vulnerability in Prestashop 1.5.5.0
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
network
low complexity
prestashop CWE-434
critical
 9.0
9.0
2008-12-31 CVE-2008-5791 Security vulnerability in PrestaShop Prior to 1.1 Beta 2
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
network
low complexity
prestashop
critical
 10.0
10