CRITICAL 9.9 CVE-2023-30839 SQL filter bypass leading to arbitrary write requests using "SQL Manager"
>= 8.0.0, < 8.0.4
CRITICAL 9.8 CVE-2023-30151 A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execut…
from 0, < 3.1.10
CRITICAL 9.8 In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
from 0, < 2.4.3
CRITICAL 9.6 PrestaShop cross-site scripting via customer contact form in FO, through file upload
>= 8.1.0, < 8.1.6
CRITICAL 9.3 PrestaShop has a stored XSS executable in customer service view
from 0, < 8.2.6, >= 9.0.0, < 9.1.1
CRITICAL 9.1 PrestaShop SQL manager vulnerability
>= 8.0.0, < 8.0.5 | >= 8.1.0, <= 8.1.0
HIGH 8.3 PrestaShop XSS injection through Validate::isCleanHTML method
>= 8.0.0, < 8.0.5 | >= 8.1.0, <= 8.1.0
HIGH 8.1 An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
from 0, < 9.0.0
HIGH 8.1 PrestaShop some attribute not escaped in Validate::isCleanHTML method
>= 8.0.0, < 8.1.3
HIGH 8.0 Possible XSS injection through Validate::isCleanHTML method
>= 8.0.0, < 8.0.4
HIGH 7.7 Arbitrary file read via SQL injection
>= 8.0.0, < 8.0.4
HIGH 7.6 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
from 0, < 8.2.5, >= 9.0.0, < 9.1.0
MEDIUM 6.8 PrestaShop file access through path traversal
from 0, < 8.1.1
MEDIUM 6.7 PrestaShop file deletion via attachment API
from 0, < 8.1.1
MEDIUM 6.7 PrestaShop boolean SQL injection
from 0, < 8.1.1
MEDIUM 6.5 A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a craf…
>= 8.2.0, < 9.0.0
MEDIUM 6.5 A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a…
>= 8.2.0, < 9.0.0
MEDIUM 6.5 PrestaShop file deletion via CustomerMessage
from 0, < 8.1.1
MEDIUM 6.5 PrestaShop path traversal
from 0, < 8.1.1
MEDIUM 5.8 Path disclosure in JavaScript variable
>= 8.1.0, < 8.1.5
MEDIUM 5.4 PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
from 0, < 8.1.3
MEDIUM 5.3 PrestaShop affected by time based enumeration in FO login form
from 0, < 8.2.4, >= 9.0.0, < 9.0.3
MEDIUM 5.3 In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
>= 8.1.4, < 8.1.6
MEDIUM 5.3 Anonymous PrestaShop customer can download other customers' invoices
>= 8.1.5, < 8.1.6
MEDIUM 5.0 Possible CSRF token fixation
from 0, < 8.0.1
MEDIUM 4.3 PrestaShop allows users to uninstall modules from backoffice, even with low rights
from 0, < 8.1.2
MEDIUM 4.3 PrestaShop allows employee without any access rights to list all installed modules
from 0, < 8.1.2
MEDIUM 4.2 Presta Shop vulnerable to email enumeration
from 0, < 8.2.1
LOW 2.0 PrestaShop: Improper Use of Validation Framework
from 0, < 8.2.5, >= 9.0.0, < 9.1.0