pkg:Packagist/prestashop/prestashop

31 CVEs in total: CRITICAL 6, HIGH 7, MEDIUM 17, LOW 1

All known vulnerabilities

  • CRITICAL 9.9 CVE-2023-30839: SQL filter bypass leading to arbitrary write requests using "SQL Manager"
    >= 8.0.0, < 8.0.4
  • CRITICAL 9.8 CVE-2022-31181: PrestaShop eval injection possible if shop vulnerable to SQL injection
    >= 1.6.0.10, < 1.7.8.7
  • CRITICAL 9.6 CVE-2024-34716: PrestaShop cross-site scripting via customer contact form in FO, through file upload
    >= 8.1.0, < 8.1.6
  • CRITICAL 9.3 CVE-2026-44212: PrestaShop has a stored XSS executable in customer service view
    from 0, < 8.2.6
  • CRITICAL 9.1 CVE-2023-39526: PrestaShop SQL manager vulnerability
    >= 8.1.0, < 8.1.1
  • CRITICAL 9.0 CVE-2022-21686: Server Side Twig Template Injection
    >= 1.7.0.0, < 1.7.8.3
  • HIGH 8.8 CVE-2018-20717: PrestaShop PHP Object Injection
    from 0, < 1.7.2.5
  • HIGH 8.3 CVE-2023-39527: PrestaShop XSS injection through Validate::isCleanHTML method
    >= 8.1.0, < 8.1.1
  • HIGH 8.1 CVE-2024-21627: PrestaShop some attribute not escaped in Validate::isCleanHTML method
    >= 8.0.0-beta.1, < 8.1.3
  • HIGH 8.0 CVE-2023-30838: Possible XSS injection through Validate::isCleanHTML method
    >= 8.0.0, < 8.0.4
  • HIGH 7.7 CVE-2023-30545: Arbitrary file read via SQL injection
    >= 8.0.0, < 8.0.4
  • HIGH 7.6 CVE-2026-33673: PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
    >= 9.0.0-alpha.1, < 9.1.0
  • HIGH 7.5 CVE-2021-43789: SQL injection in prestashop/prestashop
    >= 1.7.5.0, < 1.7.8.2
  • MEDIUM 6.8 CVE-2023-39528: PrestaShop file access through path traversal
    from 0, < 8.1.1
  • MEDIUM 6.7 CVE-2023-39529: PrestaShop file deletion via attachment API
    from 0, < 8.1.1
  • MEDIUM 6.7 CVE-2023-39524: PrestaShop boolean SQL injection
    from 0, < 8.1.1
  • MEDIUM 6.5 CVE-2023-39530: PrestaShop file deletion via CustomerMessage
    from 0, < 8.1.1
  • MEDIUM 6.5 CVE-2023-39525: PrestaShop path traversal
    from 0, < 8.1.1
  • MEDIUM 6.1 CVE-2019-11876: PrestaShop Cross-site Scripting vulnerability
    >= 1.7.5.2, < 1.7.6.0
  • MEDIUM 6.1 CVE-2012-20001: PrestaShop XSS Vulnerability
    from 0, < 1.5.2.0
  • MEDIUM 5.8 CVE-2024-26129: Path disclosure in JavaScript variable
    >= 8.1.0, < 8.1.4
  • MEDIUM 5.4 CVE-2024-21628: PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
    from 0, < 8.1.3
  • MEDIUM 5.4 CVE-2013-4791: PrestaShop Stored Cross-Site Scripting Vulnerability
    from 0, < 1.4.11
  • MEDIUM 5.3 CVE-2026-25597: PrestaShop affected by time based enumeration in FO login form
    >= 9.0.0-alpha.1, < 9.0.3
  • MEDIUM 5.3 CVE-2024-34717: Anonymous PrestaShop customer can download other customers' invoices
    >= 8.1.5, < 8.1.6
  • MEDIUM 5.3 CVE-2022-46158: PrestaShop has potential Information exposure in the upload directory
    from 0, < 1.7.8.8
  • MEDIUM 5.0 CVE-2023-25170: Possible CSRF token fixation
    from 0, < 8.0.1
  • MEDIUM 4.3 CVE-2023-43663: PrestaShop allows users to uninstall modules from backoffice, even with low rights
    from 0, < 8.1.2
  • MEDIUM 4.3 CVE-2023-43664: PrestaShop allows employee without any access rights to list all installed modules
    from 0, < 8.1.2
  • MEDIUM 4.2 CVE-2025-51586: Presta Shop vulnerable to email enumeration
    from 0, < 8.2.3
  • LOW 2.0 CVE-2026-33674: PrestaShop: Improper Use of Validation Framework
    from 0, < 8.2.5