prestashop/prestashop Security Advisories for 1.7.6.4 (19)
-
[MEDIUM] PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
PKSA-8wzq-y3v5-3bpw CVE-2024-21628 GHSA-vr7m-r9vm-m4wf
Affected version: <8.1.3
Reported by:
GitHub -
[HIGH] PrestaShop some attribute not escaped in Validate::isCleanHTML method
PKSA-vxgv-fr1x-84x2 CVE-2024-21627 GHSA-xgpm-q3mq-46rq
Affected version: <1.7.8.11|>=8.0.0-beta.1,<8.1.3
Reported by:
GitHub -
[MEDIUM] PrestaShop allows users to uninstall modules from backoffice, even with low rights
PKSA-1fhp-3jw8-ythx CVE-2023-43663 GHSA-6jmf-2pfc-q9m7
Affected version: <8.1.2
Reported by:
GitHub -
[MEDIUM] PrestaShop allows employee without any access rights to list all installed modules
PKSA-6bxt-gn43-6f15 CVE-2023-43664 GHSA-gvrg-62jp-rf7j
Affected version: <8.1.2
Reported by:
GitHub -
[MEDIUM] PrestaShop file deletion via CustomerMessage
PKSA-sm6p-36y9-kbwc CVE-2023-39530 GHSA-v4gr-v679-42p7
Affected version: <=8.1.0
Reported by:
GitHub -
[MEDIUM] PrestaShop file deletion via attachment API
PKSA-jq67-q75p-gwt1 CVE-2023-39529 GHSA-2rf5-3fw8-qm47
Affected version: <=8.1.0
Reported by:
GitHub -
[MEDIUM] PrestaShop file access through path traversal
PKSA-k56r-q35x-6nfw CVE-2023-39528 GHSA-hpf4-v7v2-95p2
Affected version: <=8.1.0
Reported by:
GitHub -
[HIGH] PrestaShop XSS injection through Validate::isCleanHTML method
PKSA-fd9b-yzvb-7sj4 CVE-2023-39527 GHSA-xw2r-f8xv-c8xp
Affected version: <1.7.8.10|>=8.0.0,<8.0.5|=8.1.0
Reported by:
GitHub -
[CRITICAL] PrestaShop SQL manager vulnerability
PKSA-zrh4-j94n-k8t7 CVE-2023-39526 GHSA-gf46-prm4-56pc
Affected version: <1.7.8.10|>=8.0.0,<8.0.5|=8.1.0
Reported by:
GitHub -
[MEDIUM] PrestaShop path traversal
PKSA-2smq-v1p5-hrvm CVE-2023-39525 GHSA-m9r4-3fg7-pqm2
Affected version: <=8.1.0
Reported by:
GitHub -
[MEDIUM] PrestaShop boolean SQL injection
PKSA-4s5f-735j-vn8c CVE-2023-39524 GHSA-75p5-jwx4-qw9h
Affected version: <=8.1.0
Reported by:
GitHub -
[HIGH] Arbitrary file read via SQL injection
PKSA-y5dr-x6hg-fr2c CVE-2023-30545 GHSA-8r4m-5p6p-52rp
Affected version: <1.7.8.9|>=8.0.0,<8.0.4
Reported by:
GitHub -
[HIGH] Possible XSS injection through Validate::isCleanHTML method
PKSA-wd7z-qmwt-pf5g CVE-2023-30838 GHSA-fh7r-996q-gvcp
Affected version: <1.7.8.9|>=8.0.0,<8.0.4
Reported by:
GitHub -
[CRITICAL] SQL filter bypass leading to arbitrary write requests using "SQL Manager"
PKSA-pcwy-tz8p-6syh CVE-2023-30839 GHSA-p379-cxqh-q822
Affected version: <1.7.8.9|>=8.0.0,<8.0.4
Reported by:
GitHub -
[MEDIUM] Possible CSRF token fixation
PKSA-cknx-yk7n-w5s5 CVE-2023-25170 GHSA-3g43-x7qr-96ph
Affected version: <8.0.1
Reported by:
GitHub -
[MEDIUM] PrestaShop has potential Information exposure in the upload directory
PKSA-h3qq-cy6z-r8s7 CVE-2022-46158 GHSA-9qgp-9wwc-v29r
Affected version: <1.7.8.8
Reported by:
GitHub -
[CRITICAL] PrestaShop eval injection possible if shop vulnerable to SQL injection
PKSA-n51t-8tm5-dchp CVE-2022-31181 GHSA-hrgx-p36p-89q4
Affected version: >=1.6.0.10,<1.7.8.7
Reported by:
GitHub -
[CRITICAL] Server Side Twig Template Injection
PKSA-yszs-pwkr-vsmc CVE-2022-21686 GHSA-mrq4-7ch7-2465
Affected version: >=1.7.0.0,<=1.7.8.2
Reported by:
GitHub -
[HIGH] SQL injection in prestashop/prestashop
PKSA-ywtm-t42b-dpn6 CVE-2021-43789 GHSA-6xxj-gcjq-wgf4
Affected version: >=1.7.5.0,<=1.7.8.1
Reported by:
GitHub