
Script Security vulnerability checker
for PrestaShop 1.7, 1.6, 1.5, 1.4, 1.3

The library and the tool to check PrestaShop for known vulnerabilities.


About author

Maksim T.
Freelancer.
Developer.
Works since 2010.
Products: 47.

Questions?

The customer service for this component does not include free personal consultations. Only business offers and important information are accepted.
Downloads
200
The most popular!
 

Description

Short description

A library and a tool for checking PrestaShop for known vulnerabilities. To stay informed about new PrestaShop security issues, subscribe to the newsletter.

How to check for vulnerabilities

Download and unpack the archive, then copy the folder prestashop-security-vulnerability-checker to your PrestaShop root directory (the one that contains index.php, init.php and so on). Run the script from your web browser or from a console, for example:

  • Run from browser: http://localhost/prestashop-security-vulnerability-checker/index.php
  • Run from console: php index.php

After the check, delete the tool's folder so that the script does not stay reachable in the web root.

Report example

SECURITY CHECK:
[Not exists] : CVE-2018-19355 : Security vulnerability (7.5/10) with the module OrderFiles. Solution: update the module, remove or fix vulnerable files. There is no information about vulnerable OrderFiles module version and about the author of the module. If you have the information, contact with me: https://prestashop.modulez.ru/en/contact-us?id_product=70
[Not exists] : CVE-2018-19126 | CVE-2018-19125 | CVE-2018-19124 : Security vulnerability (7.5/10). The explanation: https://prestashop.modulez.ru/en/news/51
[Not exists] : CVE-2018-13784 : Security vulnerability (6.4/10). More info: http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/
[Not exists] : CVE-2018-8824 | CVE-2018-8823 : Security vulnerability (7.5/10) with the "Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro" module v1.0.32. Solution: update the module, remove or fix vulnerable files. The module on Addons: https://addons.prestashop.com/en/menu/20464-responsive-mega-menu-horizontaldropdownswipesticky.html
[Exists] : CVE-2018-7491 : Security vulnerability (5/10). This is UI-Redressing/Clickjacking vulnerability. More info: https://github.com/PrestaShop/PrestaShop/pull/8807
[Exists] : CVE-2018-5682 : Security vulnerability (5/10). The attacker can review existent emails of employees and customers. More info: http://forge.prestashop.com/browse/BOOM-4613
[Exists] : CVE-2018-5681 : Security vulnerability (3.5/10). More info: http://forge.prestashop.com/browse/BOOM-4612
[Exists] : CVE-2017-9841 : Security vulnerability (7.5/10). Potentially malicious files found: "/vendor/symfony/symfony/src/Symfony/Component/ClassLoader/Tests/Fixtures/ClassesWithParents/F.php". Solution: remove or fix vulnerable files. More info: https://www.prestashop.com/en/security-announcement-your-store-vulnerable-malware
[Not exists] : CVE-2015-1175 : Security vulnerability (4.3/10) with the BlockLayered module v2.0.5 or less. Solution: update the module, remove or fix vulnerable files. The module on GitHub: https://github.com/PrestaShop/blocklayered
[Not exists] : CVE-2012-6641 : Security vulnerability (5/10) with the SoColissimo module in PrestaShop before 1.4.7.2. Solution: update the module, remove or fix vulnerable files. The module on GitHub: https://github.com/quadra-informatique/SoColissimo-3.x-Prestashop
[Not exists] : CVE-2012-5801 | CVE-2012-5800 | CVE-2012-5799 : Security vulnerability (5.8/10) with the PayPal, ebay, CanadaPost (Presto-Changeo) modules. There is no information about issue for a concrete version of PrestaShop and a version of PayPal, ebay, CanadaPost (Presto-Changeo) modules. More info: https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
[Not exists] : CVE-2011-4545 : Security vulnerability (5/10). Solution: update your PHP to at least the last of 5.6. More info: https://www.dognaedis.com/vulns/DGS-SEC-7.html
[Not exists] : CVE-2011-4544 : Security vulnerability (4.3/10) with the "mondialrelay" module and "ajaxfilemanager" script. More info: https://www.dognaedis.com/vulns/DGS-SEC-5.html
[Not exists] : CVE-2011-3796 : Security vulnerability (5/10). Allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message.
[Not exists] : CVE-2008-5791 | CVE-2008-6503 : Security vulnerability (10/10). Solution: upgrade or remove your PrestaShop 1.1 ;)
[Not exists] : Outdated version of PrestaShop : Actual versions of PrestaShop are 1.6 and 1.7. Solution: upgrade. How to do this: https://prestashop.modulez.ru/en/services/28-prestashop-upgrade-to-newest-16-17-by-zapalm-4-hours.html
------
ATTENTION: Your website has 4 security issues!
The vulnerability with the score of 10 is the most dangerous and vice versa for the score of 1.
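
The report is plain text with one finding per line, so a console run can be triaged automatically. The following is an added example, not part of the tool or the author's code: it parses the line format shown above, keeps the [Exists] findings and orders them by score. The function names are hypothetical, the sample lines are shortened from the report example, and the consistency check assumes that the summary count equals the number of [Exists] lines, as it does in that example.

```python
import re

# Lines shortened from the report example on this page (descriptions trimmed).
SAMPLE_REPORT = """\
SECURITY CHECK:
[Not exists] : CVE-2018-19126 | CVE-2018-19125 | CVE-2018-19124 : Security vulnerability (7.5/10).
[Exists] : CVE-2018-7491 : Security vulnerability (5/10). This is UI-Redressing/Clickjacking vulnerability.
[Exists] : CVE-2018-5682 : Security vulnerability (5/10).
[Exists] : CVE-2018-5681 : Security vulnerability (3.5/10).
[Exists] : CVE-2017-9841 : Security vulnerability (7.5/10). Solution: remove or fix vulnerable files.
[Not exists] : Outdated version of PrestaShop : Actual versions of PrestaShop are 1.6 and 1.7.
ATTENTION: Your website has 4 security issues!
"""

LINE_RE = re.compile(r"^\[(Exists|Not exists)\] : (.+?) : (.*)$")
SCORE_RE = re.compile(r"\((\d+(?:\.\d+)?)/10\)")
SUMMARY_RE = re.compile(r"has (\d+) security issues?")


def parse_report(text):
    """Return (findings, reported_count) parsed from a checker report."""
    findings, reported = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        s = SUMMARY_RE.search(line)
        if m:
            status, ident, detail = m.groups()
            score = SCORE_RE.search(detail)  # absent on non-CVE lines
            findings.append({
                "exists": status == "Exists",
                "ids": [i.strip() for i in ident.split("|")],
                "score": float(score.group(1)) if score else None,
            })
        elif s:
            reported = int(s.group(1))
    return findings, reported


def triage(text):
    """Findings marked [Exists], highest score first; fails on a count mismatch."""
    findings, reported = parse_report(text)
    present = [f for f in findings if f["exists"]]
    if reported is not None and reported != len(present):
        raise ValueError("summary says %d, parsed %d" % (reported, len(present)))
    return sorted(present, key=lambda f: f["score"] or 0.0, reverse=True)


if __name__ == "__main__":
    print([(f["score"], f["ids"]) for f in triage(SAMPLE_REPORT)])
```

A count mismatch usually means the report was truncated or its format changed, so the output should be reviewed by hand in that case.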

How to help the project grow and get updates

Write a review in the comments tab. That's all! :)

Information for advanced users

See the project on GitHub: https://github.com/zapalm/prestashop-security-vulnerability-checker

Data sheet

  • Compatible with versions of PrestaShop: 1.7, 1.6, 1.5, 1.4, 1.3
  • Compatible with versions of PHP: 5.2 or newer
  • Installation: normal
  • Uses PrestaShop classes override system: no
  • Core modifications: no
  • Includes documentation: no
  • Includes free consultations: no
  • Translated into languages: EN
  • Version: 1.3.0 (2022-10-29)
  • License: Open source license
  • Product type: Script
Maksim T. 11/1/2021 14:35:58

Last Sunday I published a new release!
The most important thing in the release: I added a check for the critical vulnerability CVE-2017-9841.

See my comment on PrestaShop blog about this vulnerability: http://disq.us/p/2kgvm52

I would appreciate your review of the script on this Comments page. Like the post if you like this release :)

v1.0.0 (2019-02-04)
	+ the first release of the tool for PrestaShop 1.3, 1.4, 1.5, 1.6, 1.7
v1.0.1 (2019-02-08)
	+ used version_compare() instead of compare by PHP_VERSION_ID
v1.2.0 (2021-10-31)
	+ added the check of security vulnerabilities: CVE-2017-9841, CVE-2008-6503, CVE-2008-5791
	+ some improvements in the code
v1.3.0 (2022-10-29)
	+ added checking the security vulnerability CVE-2022-31181
	+ replaced short array syntax added in a previous release (to support PHP less than 5.4)