Pierre RAMBAUD

37 exploits Active since Nov 2017
CVE-2020-5278 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - XSS
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5279 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - Incorrect Authorization
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5285 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - XSS
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5286 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - XSS
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
CVSS 4.1
CVE-2020-5287 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - Incorrect Authorization
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.
CVSS 4.1
CVE-2020-5288 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - Incorrect Authorization
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.
CVSS 4.1
CVE-2020-5293 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.6.5 - Incorrect Authorization
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
CVSS 6.5
CVE-2020-5294 WRITEUP MEDIUM WRITEUP
Prestashop Socialfollow < 2.1.0 - XSS
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
CVSS 4.1
CVE-2021-21302 WRITEUP MEDIUM WRITEUP
PrestaShop <1.7.2 - Code Injection
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2
CVSS 6.8
CVE-2021-21308 WRITEUP MEDIUM WRITEUP
PrestaShop <1.7.2 - Privilege Escalation
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
CVSS 6.1
CVE-2021-21398 WRITEUP MEDIUM WRITEUP
Prestashop < 1.7.7.3 - XSS
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3
CVSS 5.4
CVE-2022-21686 WRITEUP CRITICAL WRITEUP
Prestashop < 1.7.8.3 - Code Injection
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
CVSS 9.0