-
[CVE-2022-46965] Improper neutralization of an SQL parameter in Administrative Mandate module for PrestaShop
In the module “Administrative Mandate” (totadministrativemandate), an authenticated user can perform SQL injection in affected versions.
-
[CVE-2022-46639] Directory traversal in the descarga_etiqueta.php component of Correos Prestashop
From version v1.1.0.0 and v1.2.x+, the correosoficial module for PrestaShop 1.7.x allows remote attackers to read local files and attack intranet hosts.
-
Blind SQL injection vulnerability in Redirections Manager (smplredirectionsmanager) PrestaShop module
The module Redirections Manager (smplredirectionsmanager) from Smart Plugs contains a Blind SQL injection vulnerability up to version 1.1.19. This module is for the PrestaShop e-commerce platform.
-
[CVE-2022-22897] Major updates > SQL Injections in PrestaShop appagebuilder module up to 2.4.5
PrestaShop Ap Pagebuilder module versions 2.4.5 and below suffer from several remote SQL injection vulnerabilities.
-
[CVE-2022-44727] Blind SQL injection vulnerability in PrestaShop lgcookieslaw module
The PrestaShop e-commerce platform module EU Cookie Law GDPR (Banner + Blocker) contains a Blind SQL injection vulnerability up to version 2.1.2. This module is widely deployed and is a “Best seller” on the add-ons store.
-
Chain: SQL Injection (CWE-89) and Eval Injection (CWE-95)
In versions from 1.6.0.10 and before 1.7.8.7, PrestaShop is subject to an SQL injection vulnerability that can be chained to call PHP’s eval function on attacker input.
-
[CVE-2022-31101] Invalid order neutralization in an SQL query in PrestaShop blockwishlist module
blockwishlist is a PrestaShop extension that adds a block containing the customer’s wishlists. In affected versions, an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
-
[CVE-2017-9841] PHPUnit dependency in PrestaShop and modules allows remote arbitrary PHP code execution
Modules that include the vulnerable dependency are: 1-Click Upgrade (autoupgrade) from 4.0.0 to 4.10.1, Cart Abandonment Pro (pscartabandonmentpro) from 2.0.1 to 2.0.10, Faceted Search (ps_facetedsearch) from 2.2.1 to 3.4.1, Merchant Expertise (gamification) from 2.1.0 to 2.3.2, PrestaShop Checkout (ps_checkout) from 1.0.8 to 1.2.9.