Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist prestashop/prestashop Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03cGpyLTJyZ2gtZmM1Z84AA8ES
Anonymous PrestaShop customer can download other customers' invoices
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 12 days ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 5 months ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1ndnJnLTYyanAtcmY3as4AA2H_
PrestaShop allows employee without any access rights to list all installed modules
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12NGdyLXY2NzktNDJwN84AA1La
PrestaShop file deletion via CustomerMessage
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0ycmY1LTNmdzgtcW00N84AA1LZ
PrestaShop file deletion via attachment API
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
PrestaShop file access through path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
High
GSA_kwCzR0hTQS14dzJyLWY4eHYtYzh4cM4AA1LX
PrestaShop XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tOXI0LTNmZzctcHFtMs4AA1LV
PrestaShop path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03NXA1LWp3eDQtcXc5aM4AA1LU
PrestaShop boolean SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
High
GSA_kwCzR0hTQS04cjRtLTVwNnAtNTJycM4AAy-t
Arbitrary file read via SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1maDdyLTk5NnEtZ3ZjcM4AAy9g
Possible XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wMzc5LWN4cWgtcTgyMs4AAy9f
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zZzQzLXg3cXItOTZwaM4AAyE0
Possible CSRF token fixation
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cWdwLTl3d2MtdjI5cs4AAwNW
PrestaShop has potential Information exposure in the upload directory
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ocmd4LXAzNnAtODlxNM4AAtvN
PrestaShop eval injection possible if shop vulnerable to SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Z3J2LWh3OGctNGdmbc4AAg0f
PrestaShop Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS14eDY3LTJqM3YtaDc2cM4AAUSH
PrestaShop PHP Object Injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcnBnLTJtbTItampxZs3hdA
PrestaShop Stored Cross-Site Scripting Vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMzNtLTI1MzctODZqbc1AyA
PrestaShop XSS Vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tcnE0LTdjaDctMjQ2Nc0mqQ
Server Side Twig Template Injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
Statistics
Advisories: 18,882
Packages: 8,426
Repositories: 2
Ecosystems: 12
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 109 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 typo3/cms-core 77 drupal/drupal 76 thorsten/phpmyfaq 70 silverstripe/framework 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 snipe/snipe-it 32 shopware/shopware 31 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 mediawiki/core 24 magento/core 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 simplesamlphp/simplesamlphp 18 contao/contao 18 genix/cms 17 cakephp/cakephp 17 topthink/framework 17 ezsystems/ezpublish-kernel 17 francoisjacquet/rosariosis 17 symfony/security 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 silverstripe/cms 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 impresscms/impresscms 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 codeigniter4/framework 13 october/system 13 phpmyfaq/phpmyfaq 12 phpbb/phpbb 12 dompdf/dompdf 12 studio-42/elfinder 12 wwbn/avideo 11 feehi/cms 11 sylius/sylius 11 ezsystems/ezplatform-kernel 11 zendframework/zendframework 11 feehi/feehicms 11 ezsystems/ezpublish-legacy 10 nukeviet/nukeviet 10 pagekit/pagekit 10 opencart/opencart 10 admidio/admidio 10 pimcore/admin-ui-classic-bundle 10 wallabag/wallabag 10 contao/core 9 concrete5/core 9 tinymce 9 TinyMCE 9 tinymce/tinymce 9 ssddanbrown/bookstack 9 alextselegidis/easyappointments 9 funadmin/funadmin 9 october/october 9 kevinpapst/kimai2 9 gilacms/gila 8 croogo/croogo 8 pimcore/customer-management-framework-bundle 8 codiad/codiad 8 facturascripts/facturascripts 8 october/cms 8 yiisoft/yii2 8 sulu/sulu 8 silverstripe/admin 8 october/backend 7 statamic/cms 7 silverstripe/graphql 7 wpglobus/wpglobus 7 mantisbt/mantisbt 7 flarum/core 7 ezsystems/ezplatform-admin-ui 7 passbolt/passbolt_api 7 pterodactyl/panel 7 symfony/http-foundation 7 gleez/cms 6 guzzlehttp/guzzle 6 dweeves/magmi 6 directmailteam/direct-mail 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 symfony/http-kernel 6 oro/platform 6 composer/composer 6 in2code/femanager 6 bagisto/bagisto 6 yourls/yourls 6 yiisoft/yii2-dev 6 backdrop/backdrop 6 vrana/adminer 5 typo3/cms-install 5 automad/automad 5 symfony/security-core 5 illuminate/database 5 neos/flow 5 billz/raspap-webgui 5 neos/neos 5 thinkcmf/thinkcmf 5 simplesamlphp/saml2 5 phpseclib/phpseclib 5 silverstripe/assets 5 elgg/elgg 5 phpxmlrpc/phpxmlrpc 5 cachethq/cachet 5 anchorcms/anchor-cms 5 phpservermon/phpservermon 5 ibexa/core 5 pear/archive_tar 5 gugoan/economizzer 5 codeigniter/framework 5 bottelet/flarepoint 5 modx/revolution 4 oro/commerce 4 evolutioncms/evolution 4 adodb/adodb-php 4 bytefury/crater 4 pyrocms/pyrocms 4 bref/bref 4 symfony/security-bundle 4 wintercms/winter 4 idno/known 4 appwrite/server-ce 4 kimai/kimai 4 notrinos/notrinos-erp 4 wp-premium/gravityforms 4 magento/product-community-edition 4 typo3/cms-frontend 4 shopware/storefront 4 spatie/browsershot 4 ezsystems/ezplatform 4 codeigniter4/shield 4 friendsofsymfony/user-bundle 4 typo3/html-sanitizer 4 woocommerce/woocommerce 4 doctrine/orm 3 joomla/framework 3 shopxo/shopxo 3 prestashop/productcomments 3 zencart/zencart 3 yiisoft/yii 3 froala/wysiwyg-editor 3 symfony/form 3 limesurvey/limesurvey 3 qcubed/qcubed 3 typo3/cms-form 3 processwire/processwire 3 ckeditor4 3 enhavo/enhavo-app 3 apache-solr-for-typo3/solr 3 phpoffice/phpspreadsheet 3 phenx/php-svg-lib 3 reportico-web/reportico 3 facade/ignition 3 sylius/resource-bundle 3 joomla/joomla-cms 3 verot/class.upload.php 3 amphp/http-client 3 quickapps/cms 3 pixelfed/pixelfed 3 zendframework/zendservice-technorati 3 bbpress/bbpress 3 artesaos/seotools 3 zendframework/zendservice-slideshare 3 rudloff/alltube 3 twig/twig 3 enshrined/svg-sanitize 3