matthieu-rolland

5 exploits Active since Aug 2023
CVE-2023-39524 WRITEUP MEDIUM WRITEUP
Prestashop < 8.1.1 - SQL Injection
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS 6.7
CVE-2023-39525 WRITEUP MEDIUM WRITEUP
Prestashop < 8.1.1 - Path Traversal
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS 6.5
CVE-2023-39527 WRITEUP HIGH WRITEUP
Prestashop < 1.7.8.10 - XSS
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
CVSS 8.3
CVE-2023-39528 WRITEUP MEDIUM WRITEUP
Prestashop < 8.1.1 - Path Traversal
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS 6.8
CVE-2023-43663 WRITEUP MEDIUM WRITEUP
PrestaShop - Privilege Escalation
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 6.3