GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA

High EPSS: 0.10068% (0.92759 Percentile) EPSS:

Permalink JSON

SQL injection in prestashop/prestashop

Affected Packages	Affected Versions	Fixed Versions
packagist:prestashop/prestashop	>= 1.7.5.0, <= 1.7.8.1	1.7.8.2
0 Dependent packages 2 Dependent repositories 10,876 Downloads total Affected Version Ranges All affected versions All unaffected versions 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0, 8.2.1, 9.0.0

Impact

Blind SQLi using Search filters with orderBy and sortOrder parameters

Patches

The problem is fixed in 1.7.8.2

References:

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
https://cwe.mitre.org/data/definitions/89.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43789
https://github.com/PrestaShop/PrestaShop/issues/26623
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
https://github.com/advisories/GHSA-6xxj-gcjq-wgf4

Identifiers

GHSA-6xxj-gcjq-wgf4

CVE-2021-43789

Risk

Severity

High

EPSS

EPSS Percentage: 0.10068

EPSS Percentile: 0.92759

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PrestaShop/PrestaShop

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories