CRITICAL 9.9 CVE-2023-30839 SQL filter bypass leading to arbitrary write requests using "SQL Manager"
>= 8.0.0, < 8.0.4
CRITICAL 9.8 CVE-2022-31181 PrestaShop eval injection possible if shop vulnerable to SQL injection
>= 1.6.0.10, < 1.7.8.7
CRITICAL 9.6 PrestaShop cross-site scripting via customer contact form in FO, through file upload
>= 8.1.0, < 8.1.6
CRITICAL 9.3 PrestaShop has a stored XSS executable in customer service view
from 0, < 8.2.6
CRITICAL 9.1 PrestaShop SQL manager vulnerability
>= 8.1.0, < 8.1.1
CRITICAL 9.0 Server Side Twig Template Injection
>= 1.7.0.0, < 1.7.8.3
HIGH 8.8 PrestaShop PHP Object Injection
from 0, < 1.7.2.5
HIGH 8.3 PrestaShop XSS injection through Validate::isCleanHTML method
>= 8.1.0, < 8.1.1
HIGH 8.1 PrestaShop some attribute not escaped in Validate::isCleanHTML method
>= 8.0.0-beta.1, < 8.1.3
HIGH 8.0 Possible XSS injection through Validate::isCleanHTML method
>= 8.0.0, < 8.0.4
HIGH 7.7 Arbitrary file read via SQL injection
>= 8.0.0, < 8.0.4
HIGH 7.6 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
>= 9.0.0-alpha.1, < 9.1.0
HIGH 7.5 SQL injection in prestashop/prestashop
>= 1.7.5.0, < 1.7.8.2
MEDIUM 6.8 PrestaShop file access through path traversal
from 0, < 8.1.1
MEDIUM 6.7 PrestaShop file deletion via attachment API
from 0, < 8.1.1
MEDIUM 6.7 PrestaShop boolean SQL injection
from 0, < 8.1.1
MEDIUM 6.5 PrestaShop file deletion via CustomerMessage
from 0, < 8.1.1
MEDIUM 6.5 PrestaShop path traversal
from 0, < 8.1.1
MEDIUM 6.1 PrestaShop Cross-site Scripting vulnerability
>= 1.7.5.2, < 1.7.6.0
MEDIUM 6.1 PrestaShop XSS Vulnerability
from 0, < 1.5.2.0
MEDIUM 5.8 Path disclosure in JavaScript variable
>= 8.1.0, < 8.1.4
MEDIUM 5.4 PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
from 0, < 8.1.3
MEDIUM 5.4 PrestaShop Stored Cross-Site Scripting Vulnerability
from 0, < 1.4.11
MEDIUM 5.3 PrestaShop affected by time based enumeration in FO login form
>= 9.0.0-alpha.1, < 9.0.3
MEDIUM 5.3 Anonymous PrestaShop customer can download other customers' invoices
>= 8.1.5, < 8.1.6
MEDIUM 5.3 PrestaShop has potential Information exposure in the upload directory
from 0, < 1.7.8.8
MEDIUM 5.0 Possible CSRF token fixation
from 0, < 8.0.1
MEDIUM 4.3 PrestaShop allows users to uninstall modules from backoffice, even with low rights
from 0, < 8.1.2
MEDIUM 4.3 PrestaShop allows employee without any access rights to list all installed modules
from 0, < 8.1.2
MEDIUM 4.2 Presta Shop vulnerable to email enumeration
from 0, < 8.2.3
LOW 2.0 PrestaShop: Improper Use of Validation Framework
from 0, < 8.2.5