CVE-2023-39526
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PrestaShop | PrestaShop | < 1.7.8.10 | affected |
| PrestaShop | PrestaShop | >= 8.0.0, < 8.0.5 | affected |
| PrestaShop | PrestaShop | = 8.1.0 | affected |
Weaknesses
- CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
- https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
- https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.