📦 PrestaShop
by PrestaShop
⚠️ Known Vulnerabilities
This is a stored cross-site scripting (XSS) vulnerability in PrestaShop that allows attackers to upload malicious files through the contact form. When an administrator opens the infected attachment in...
This CVE allows attackers to execute arbitrary code on PrestaShop e-commerce platforms through SQL injection and arbitrary file write vulnerabilities in the back office. Attackers can gain full contro...
This CVE describes a SQL injection vulnerability in PrestaShop e-commerce software that allows back-office users to perform unauthorized database operations. Users with back-office access can write, u...
This vulnerability allows attackers to inject Twig template code into the PrestaShop back office when using legacy layouts. Successful exploitation could lead to remote code execution or data manipula...
CVE-2021-3110 is a time-based blind SQL injection vulnerability in PrestaShop's product comments module. Attackers can exploit this to extract sensitive database information by manipulating the id_pro...
CVE-2020-15160 is a blind SQL injection vulnerability in PrestaShop's Catalog Product edition page that allows attackers to execute arbitrary SQL commands. This affects PrestaShop versions 1.7.5.0 thr...
This vulnerability in PrestaShop allows remote code execution through the module upgrade functionality. It affects PrestaShop versions 8.1.7 and earlier. Exploitation requires an attacker to hijack ne...
This vulnerability allows attackers to inject malicious scripts into PrestaShop websites through cross-site scripting (XSS) attacks. The flaw in the ValidateCore::isCleanHTML() method fails to properl...
CVE-2021-43789 is a blind SQL injection vulnerability in PrestaShop e-commerce software that allows attackers to execute arbitrary SQL queries through search filters. This affects PrestaShop versions ...
PrestaShop versions before 8.2.4 and 9.0.3 have a time-based user enumeration vulnerability in authentication that allows attackers to determine if customer accounts exist by analyzing response time d...
A PHAR deserialization vulnerability in PrestaShop v8.2.0 allows attackers to execute arbitrary code on the server by sending a specially crafted POST request. This affects all websites running Presta...
A NULL pointer dereference vulnerability exists in PrestaShop 8.1.4's math_round function in Tools.php. This vulnerability could cause the application to crash when processing certain malformed input....