
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.
• https://www.exploit-db.com/exploits/45964
• http://build.prestashop.com/news/prestashop-1-7-4-4-1-6-1-23-maintenance-releases
• https://github.com/PrestaShop/PrestaShop/pull/11285
• https://github.com/PrestaShop/PrestaShop/pull/11286

CVSS: 9.8 | EPSS: 2% | CPEs: 2 | EXPL: 2

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.
• https://www.exploit-db.com/exploits/45964
• https://github.com/farisv/PrestaShop-CVE-2018-19126
• http://build.prestashop.com/news/prestashop-1-7-4-4-1-6-1-23-maintenance-releases
• https://github.com/PrestaShop/PrestaShop/pull/11285
• https://github.com/PrestaShop/PrestaShop/pull/11286
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 | EPSS: 5% | CPEs: 2 | EXPL: 2

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
• https://www.exploit-db.com/exploits/45046
• https://www.exploit-db.com/exploits/45047
• http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases
• https://github.com/PrestaShop/PrestaShop/pull/9218
• https://github.com/PrestaShop/PrestaShop/pull/9222

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.
• https://ia-informatica.com/it/CVE-2018-8824
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 13% | CPEs: 2 | EXPL: 1

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.
• https://ia-informatica.com/it/CVE-2018-10942
• CWE-434: Unrestricted Upload of File with Dangerous Type