Shodan
Vulnerabilities
Vulnerable Software
Prestashop:  Security Vulnerabilities
CVE-2020-4074
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
CVSS Score
8.9
EPSS Score
0.004
Published
2020-07-02
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-04-27
CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5286
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5288
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5293
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5264
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
CVSS Score
4.4
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
CVSS Score
4.4
EPSS Score
0.002
Published
2020-04-20
CVE-2020-5269
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
CVSS Score
4.1
EPSS Score
0.002
Published
2020-04-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved