Headline
CVE-2023-39524: Merge remote-tracking branch 'ghsa-75p5-jwx4-qw9h/fix-advisory-1' int… · PrestaShop/PrestaShop@2047d4c
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO’s product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
Search code, repositories, users, issues, pull requests…
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
Notifications
Fork 4.6k
Code
Issues 2.4k
Pull requests 162
Discussions
Actions
Projects 8
Security
Insights
Commit
Permalink
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Adapter/Product/Repository/ProductRepository.php
Expand Up
@@ -889,7 +889,7 @@ protected function getSearchQueryBuilder(
->addGroupBy(‘p.id_product’)
;
$dbSearchPhrase = sprintf('"%%%s%%"’, $searchPhrase);
$dbSearchPhrase = sprintf('"%%%s%%"’, pSQL($searchPhrase));
$qb->where($qb->expr()->or(
$qb->expr()->like('pl.name’, $dbSearchPhrase),
Expand Down
0 comments on commit 2047d4c
Please sign in to comment.
Related news
### Impact SQL injection possible in product search field, in BO's product page ### Patches 8.1.1 ### Found by Aleksey Solovev (Positive Technologies) ### Workarounds none ### References none