pkg:Bitnami/prestashop

29 total CVEs: CRITICAL 6, HIGH 6, MEDIUM 16, LOW 1

All known vulnerabilities

  • CRITICAL 9.9 CVE-2023-30839: PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"
    >= 8.0.0, < 8.0.4
  • CRITICAL 9.8 CVE-2023-30151: A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execut…
    from 0, < 3.1.10
  • CRITICAL 9.8 CVE-2023-31672: In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
    from 0, < 2.4.3
  • CRITICAL 9.6 CVE-2024-34716: PrestaShop vulnerable to XSS via customer contact form in FO, through file upload
    >= 8.1.0, < 8.1.6
  • CRITICAL 9.3 CVE-2026-44212: PrestaShop: Stored XSS executable in customer service view
    from 0, < 8.2.6 | >= 9.0.0, < 9.1.1
  • CRITICAL 9.1 CVE-2023-39526: PrestaShop SQL manager vulnerability (potential RCE)
    >= 8.0.0, < 8.0.5 | >= 8.1.0, <= 8.1.0
  • HIGH 8.3 CVE-2023-39527: PrestaShop XSS vulnerability through Validate::isCleanHTML method
    >= 8.0.0, < 8.0.5 | >= 8.1.0, <= 8.1.0
  • HIGH 8.1 CVE-2024-41651: An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
    from 0, < 9.0.0
  • HIGH 8.1 CVE-2024-21627: Some attribute not escaped in Validate::isCleanHTML method
    >= 8.0.0, < 8.1.3
  • HIGH 8.0 CVE-2023-30838: PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
    >= 8.0.0, < 8.0.4
  • HIGH 7.7 CVE-2023-30545: PrestaShop arbitrary file read vulnerability
    >= 8.0.0, < 8.0.4
  • HIGH 7.6 CVE-2026-33673: PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
    from 0, < 8.2.5 | >= 9.0.0, < 9.1.0
  • MEDIUM 6.8 CVE-2023-39528: PrestaShop vulnerable to file reading through path traversal
    from 0, < 8.1.1
  • MEDIUM 6.7 CVE-2023-39529: PrestaShop vulnerable to file deletion via attachment API
    from 0, < 8.1.1
  • MEDIUM 6.7 CVE-2023-39524: PrestaShop vulnerable to boolean SQL injection in search product in BO
    from 0, < 8.1.1
  • MEDIUM 6.5 CVE-2025-25692: A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a craf…
    >= 8.2.0, < 9.0.0
  • MEDIUM 6.5 CVE-2025-25691: A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a…
    >= 8.2.0, < 9.0.0
  • MEDIUM 6.5 CVE-2023-39530: PrestaShop vulnerable to file deletion via CustomerMessage
    from 0, < 8.1.1
  • MEDIUM 6.5 CVE-2023-39525: PrestaShop vulnerable to path traversal
    from 0, < 8.1.1
  • MEDIUM 5.8 CVE-2024-26129: Prestashop vulnerable to path disclosure in JavaScript variable
    >= 8.1.0, < 8.1.5
  • MEDIUM 5.4 CVE-2024-21628: XSS can be stored in DB from "add a message form" in order detail page (FO)
    from 0, < 8.1.3
  • MEDIUM 5.3 CVE-2026-25597: PrestaShop has a time based enumeration in FO login form
    from 0, < 8.2.4 | >= 9.0.0, < 9.0.3
  • MEDIUM 5.3 CVE-2024-36626: In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
    >= 8.1.4, < 8.1.6
  • MEDIUM 5.3 CVE-2024-34717: Anonymous PrestaShop customer can download other customers' invoices
    >= 8.1.5, < 8.1.6
  • MEDIUM 5.0 CVE-2023-25170: PrestaShop has possible CSRF token fixation
    from 0, < 8.0.1
  • MEDIUM 4.3 CVE-2023-43663: Improper Privilege Management in Prestashop
    from 0, < 8.1.2
  • MEDIUM 4.3 CVE-2023-43664: Employee without any access rights can list all installed modules in Prestashop
    from 0, < 8.1.2
  • MEDIUM 4.2 CVE-2025-51586: PrestaShop vulnerable to email enumeration
    from 0, < 8.2.1
  • LOW 2.0 CVE-2026-33674: PrestaShop: Improper Use of Validation Framework
    from 0, < 8.2.5 | >= 9.0.0, < 9.1.0