Headline
GHSA-p379-cxqh-q822: SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Impact
A SQL filtering vulnerability allows a back office (BO) user to write, update and delete in the database, even without having specific rights.
Patches
PrestaShop 8.0.4 and 1.7.8.9 will contain the patch.
Workarounds
None.
References
None.
Critical severity • GitHub Reviewed • Published Apr 25, 2023 in PrestaShop/PrestaShop • Updated Apr 25, 2023
Related news
CVE-2023-30839: SQL filter bypass leading to arbitrary write requests using "SQL Manager"
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.