PrestaShop SA and Contributors

5 exploits Active since May 2023
CVE-2023-30196 WRITEUP HIGH WRITEUP
salesbooster <= 1.10.4 - Path Traversal via Download Endpoint
Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php.
CVSS 7.5
CVE-2023-30197 WRITEUP HIGH WRITEUP
myinventory <= 1.6.6 - Unauthenticated Path Traversal
Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack.
CVSS 7.5
CVE-2023-30199 WRITEUP HIGH WRITEUP
customexporter <= 1.7.20 - Path Traversal via Download Endpoint
Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.
CVSS 7.5
CVE-2023-30200 WRITEUP HIGH WRITEUP
Advancedplugins Ultimateimagetool < 2.1.03 - Path Traversal
In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack.
CVSS 7.5
CVE-2024-36626 WRITEUP MEDIUM WRITEUP
Prestashop 8.1.4 - Memory Corruption
In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
CVSS 5.3