Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-30839: SQL filter bypass leading to arbitrary write requests using "SQL Manager"

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.

CVE
Open in Source
#sql#vulnerability#web

Package

composer prestashop/prestashop (Composer)

Affected versions

< 8.0.4

Patched versions

8.0.4, 1.7.8.9

Description

Impact

SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights.

Patches

PrestaShop 8.0.4 and 1.7.8.9 will contain the patch.

Workarounds

no

References

no

Related news

GHSA-p379-cxqh-q822: SQL filter bypass leading to arbitrary write requests using "SQL Manager"

### Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights. ### Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch. ### Workarounds no ### References no

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE