GHSA-gf46-prm4-56pc: PrestaShop SQL manager vulnerability

Impact

Remote code execution through SQL injection and arbitrary file write in back office

Patches

1.7.8.10, 8.0.5, 8.1.1

Found by

Truff (via yeswehack)

Workarounds

none

References

none

PrestaShop SQL manager vulnerability

Critical severity • GitHub Reviewed • Published Aug 7, 2023 in PrestaShop/PrestaShop • Updated Aug 9, 2023

Related news

CVE-2023-39526: SQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.