Vulnerabilities > Prestashop > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-20 | CVE-2021-3110 | SQL Injection vulnerability in Prestashop 1.7.7.0 The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | 9.8 |
2020-09-24 | CVE-2020-15160 | SQL Injection vulnerability in Prestashop PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. | 9.8 |
2020-09-15 | CVE-2020-15178 | Unspecified vulnerability in Prestashop Contactform In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. | 9.3 |
2020-07-02 | CVE-2020-4074 | Improper Authentication vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. | 9.8 |
2020-02-18 | CVE-2013-6295 | Improper Privilege Management vulnerability in Prestashop 1.5.5.0 PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | 9.8 |
2019-12-05 | CVE-2019-19595 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file. | 9.8 |
2019-12-05 | CVE-2019-19594 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. | 9.8 |
2018-11-19 | CVE-2018-19355 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 9.8 |
2018-11-09 | CVE-2018-19126 | Unrestricted Upload of File with Dangerous Type vulnerability in Prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. | 9.8 |
2018-07-09 | CVE-2018-13784 | Unspecified vulnerability in Prestashop PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. | 9.1 |