websafe-kb/07-framework-security/ecommerce/prestashop/INDEX.md

PrestaShop

LAB ONLY | AUTHORIZED TARGETS ONLY | Auto-generated index

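  • System ID: prestashop
  • Category: ecommerce
  • Coverage policy: history-full
  • Total cases: 114
  • Added/updated in the last 30 days: 2
  • Featured Markdown cases: 2
  • Verified (real version): 0
  • Verified (synthetic): 0
  • Blocked: 0
  • Pending manual review / missing browser evidence: 114
  • Last rendered: 2026-04-02T09:18:51+00:00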

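Target constraints

  • Applicable target types: lab-local, lab-public, authorized-third-party
  • Public-internet verification allowed: yes, but ownership or authorization is required
  • Authorization prerequisite: asset ownership can be proven, or written/explicit authorization has been obtained.
  • Minimal verification methods: minimal verification, read-only probing, auditable echo-back, controlled injection.
  • Prohibited scenarios: public-internet targets without proof of ownership or explicit authorization; well-known public websites or third-party assets unrelated to the test; actions that cause persistent damage, unauthorized data download, or impact that cannot be rolled back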

Sources

Case list

Title Severity Case status Verification status Verification method Source confidence Updated Case page
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables low generated triage-manual synthetic ecosystem-authority 2026-03-30T12:26:07.105030Z link
PrestaShop: Improper Use of Validation Framework low generated triage-manual synthetic ecosystem-authority 2026-03-30T12:26:06.049752Z link
CVE-2020-5294 medium triage triage-manual synthetic official 2024-11-21T05:33:51.140 -
CVE-2020-5273 medium triage triage-manual synthetic official 2024-11-21T05:33:48.777 -
CVE-2020-5266 medium triage triage-manual synthetic official 2024-11-21T05:33:47.980 -
CVE-2020-5277 medium triage triage-manual synthetic official 2024-11-21T05:33:49.217 -
CVE-2020-5250 high triage triage-manual synthetic official 2024-11-21T05:33:45.950 -
CVE-2013-6295 critical triage triage-manual synthetic official 2024-11-21T01:58:57.763 -
CVE-2013-4792 medium triage triage-manual synthetic official 2024-11-21T01:56:25.330 -
CVE-2013-4791 medium triage triage-manual synthetic official 2024-11-21T01:56:25.180 -
CVE-2012-2517 medium triage triage-manual synthetic official 2024-11-21T01:39:10.433 -
CVE-2013-6358 high triage triage-manual synthetic official 2024-11-21T01:59:04.000 -
CVE-2020-6632 medium triage triage-manual synthetic official 2024-11-21T05:36:04.413 -
CVE-2019-19595 critical triage triage-manual synthetic official 2024-11-21T04:35:01.013 -
CVE-2019-19594 critical triage triage-manual synthetic official 2024-11-21T04:35:00.853 -
CVE-2019-15565 critical triage triage-manual synthetic official 2024-11-21T04:29:01.730 -
CVE-2019-13461 high triage triage-manual synthetic official 2024-11-21T04:24:56.967 -
CVE-2019-11876 medium triage triage-manual synthetic official 2024-11-21T04:21:56.310 -
CVE-2018-20717 high triage triage-manual synthetic official 2024-11-21T04:02:01.370 -
CVE-2018-19355 critical triage triage-manual synthetic official 2024-11-21T03:57:47.527 -
CVE-2018-19126 critical triage triage-manual synthetic official 2024-11-21T03:57:22.610 -
CVE-2018-19125 high triage triage-manual synthetic official 2024-11-21T03:57:22.450 -
CVE-2018-19124 high triage triage-manual synthetic official 2024-11-21T03:57:22.300 -
CVE-2018-13784 critical triage triage-manual synthetic official 2024-11-21T03:47:58.403 -
CVE-2018-8824 critical triage triage-manual synthetic official 2024-11-21T04:14:23.640 -
CVE-2018-10942 critical triage triage-manual synthetic official 2024-11-21T03:42:21.540 -
CVE-2018-8823 critical triage triage-manual synthetic official 2024-11-21T04:14:23.493 -
CVE-2018-7491 high triage triage-manual synthetic official 2024-11-21T04:12:14.077 -
CVE-2018-5682 medium triage triage-manual synthetic official 2024-11-21T04:09:09.393 -
CVE-2018-5681 medium triage triage-manual synthetic official 2024-11-21T04:09:09.263 -
CVE-2015-1175 medium triage triage-manual synthetic official 2025-04-12T10:46:40.837 -
CVE-2014-2009 medium triage triage-manual synthetic official 2025-04-12T10:46:40.837 -
CVE-2014-2008 high triage triage-manual synthetic official 2025-04-12T10:46:40.837 -
CVE-2012-6641 medium triage triage-manual synthetic official 2025-04-12T10:46:40.837 -
CVE-2012-5801 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2012-5800 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2012-5799 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2011-4545 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2011-4544 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2011-3796 medium triage triage-manual synthetic official 2025-04-11T00:51:21.963 -
CVE-2008-6503 medium triage triage-manual synthetic official 2025-04-09T00:30:58.490 -
CVE-2008-5791 high triage triage-manual synthetic official 2025-04-09T00:30:58.490 -
[CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 unknown triage triage-manual synthetic ecosystem-authority `` -
→ Discover the PrestaShop example modules repository A hands-on library of working code examples to help you understand how PrestaShop module development really works. unknown triage triage-manual synthetic official `` -
XSS can be stored in DB from "add a message form" in order detail page (FO) unknown triage triage-manual synthetic official `` -
→ PrestaShop Core Monthly - January 2026 9.1 Beta opens for feedback, Developer Conference videos go live, and big features take shape unknown triage triage-manual synthetic official `` -
[CVE-2025-51586] User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 unknown triage triage-manual synthetic ecosystem-authority `` -
→ PrestaShop 8.2.4 is available Security improvements for branch 8.2.x unknown triage triage-manual synthetic official `` -
→ Hummingbird v2: Architecture, Best Practices, and Contribution Guide A developer-oriented foundation for modern and scalable PrestaShop themes unknown triage triage-manual synthetic official `` -
[CVE-2025-61922] Customer account takeover via email in PrestaShop Checkout module for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
Path disclosure in JavaScript variable unknown triage triage-manual synthetic official `` -
SQL injection possible in search product in BO unknown triage triage-manual synthetic official `` -
→ Join us at the inaugural Ecommerce Open Source Summit (EO2S) in Paris Organized by Friends of Presta, EO2S brings together the open source ecommerce community on March 26, 2026 unknown triage triage-manual synthetic official `` -
path traversal: file deletion unknown triage triage-manual synthetic official `` -
→ PrestaShop Core Monthly - February 2026 New releases, Hummingbird v2, B2B foundations, and a one-page checkout on the horizon unknown triage triage-manual synthetic official `` -
→ Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository unknown triage triage-manual synthetic official `` -
Some attribute not escaped in Validate::isCleanHTML method unknown triage triage-manual synthetic official `` -
[CVE-2024-36682] Exposure of Private Personal Information to an Unauthorized Actor in Promokit.eu - Theme settings module for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
[CVE-2025-69633] Improper neutralization of SQL parameters in Advanced Popup Creator module from Idnovate for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
→ PrestaShop 9.1 RC1 is open for testing! The first Release Candidate of PrestaShop 9.1 is here. Help us validate it before the final release. unknown triage triage-manual synthetic official `` -
Time based enumeration in FO login form unknown triage triage-manual synthetic official `` -
[CVE-2024-34989] Improper neutralization of SQL parameter in RSI PDF/HTML catalog evolution (prestapdf) module for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
New possible XSS injection through Validate::isCleanHTML method unknown triage triage-manual synthetic official `` -
[CVE-2023-45256] Improper neutralization of SQL parameters in Monetico Paiement module from EuroInformation for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
Anonymous customer can download other customers's invoices unknown triage triage-manual synthetic official `` -
→ AI-Powered API Hackathon: 14+ Endpoints in a Single Day How PrestaShop teams used Claude Code to accelerate Admin API contributions unknown triage triage-manual synthetic official `` -
[CVE-2024-36683] Improper neutralization of SQL parameter in Smart Modules - Products Alert module for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
Email enumeration unknown triage triage-manual synthetic official `` -
[CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop unknown triage triage-manual synthetic ecosystem-authority `` -
→ PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development unknown triage triage-manual synthetic official `` -
XSS via customer contact form in FO, through file upload unknown triage triage-manual synthetic official `` -