Shodan
Vulnerabilities
Vulnerable Software
Prestashop:  Security Vulnerabilities
CVE-2020-5250
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.
CVSS Score
7.6
EPSS Score
0.006
Published
2020-03-05
CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-18
CVE-2013-4791
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-14
CVE-2013-4792
PrestaShop before 1.4.11 allows logout CSRF.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-14
CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-02-11
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
CVSS Score
8.8
EPSS Score
0.032
Published
2020-01-23
CVE-2020-6632
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-09
CVE-2019-19594
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
CVSS Score
9.8
EPSS Score
0.056
Published
2019-12-05
CVE-2019-19595
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
CVSS Score
9.8
EPSS Score
0.056
Published
2019-12-05
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved