PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
References
Configurations
Configuration 1 (hide)
|
History
09 Aug 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09 - Patch | |
References | (MISC) https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc - Vendor Advisory | |
First Time |
Prestashop prestashop
Prestashop |
|
CPE | cpe:2.3:a:prestashop:prestashop:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
07 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-07 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39526
Mitre link : CVE-2023-39526
CVE.ORG link : CVE-2023-39526
JSON object : View
Products Affected
prestashop
- prestashop
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')