Pierre RAMBAUD

39 exploits Active since Nov 2017
CVE-2020-5276 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.1.0-1.7.6.5 - Reflected Cross-Site Scripting via AdminCarts cartBox Parameter
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5277 WRITEUP MEDIUM WRITEUP
PrestaShop Faceted Search Module < 3.5.0 - Reflected Cross-Site Scripting via url_name Parameter
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
CVSS 4.1
CVE-2020-5278 WRITEUP MEDIUM WRITEUP
PrestaShop 1.5.4.0-1.7.6.5 - Reflected Cross-Site Scripting on Exception Page
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5279 WRITEUP MEDIUM WRITEUP
PrestaShop 1.5.0.0-1.7.6.5 - Improper Access Control in Legacy Controllers
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5285 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.6.0-1.7.6.5 - Reflected Cross-Site Scripting via Back Parameter
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5286 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.4.0-1.7.6.5 - Reflected Cross-Site Scripting via File Upload Error
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5287 WRITEUP MEDIUM WRITEUP
PrestaShop 1.5.5.0-1.7.6.5 - Improper Access Control in Customer Search
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.
CVSS 4.1
CVE-2020-5288 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.0.0-1.7.6.5 - Improper Access Control on Product Attributes Page
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.
CVSS 4.1
CVE-2020-5293 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.0.0-1.7.6.5 - Improper Access Control on Product Page
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
CVSS 6.5
CVE-2020-5294 WRITEUP MEDIUM WRITEUP
PrestaShop Social Follow Module < 2.1.0 - Reflected Cross-Site Scripting via Social Network Fields
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
CVSS 4.1
CVE-2021-21302 WRITEUP MEDIUM WRITEUP
PrestaShop 1.5.0.0-1.7.7.2 - CSV Injection via Admin Panel Shop Search Keywords
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2
CVSS 6.8
CVE-2021-21308 WRITEUP MEDIUM WRITEUP
PrestaShop <1.7.2 - Privilege Escalation
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
CVSS 6.1
CVE-2021-21398 WRITEUP MEDIUM WRITEUP
PrestaShop 1.7.7.0-1.7.7.2 - Cross-Site Scripting via Grid Column Type DataColumn
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3
CVSS 5.4
CVE-2022-21686 WRITEUP CRITICAL WRITEUP
PrestaShop 1.7.0.0-1.7.8.3 - Authenticated Code Injection via Legacy Layout
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
CVSS 9.0