An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW

Critical
EPSS: 0.09741% (0.92628 Percentile)

PrestaShop SQL manager vulnerability

Affected Packages: packagist:prestashop/prestashop
Affected Versions: < 1.7.8.10, >= 8.0.0, < 8.0.5, = 8.1.0
Fixed Versions: 1.7.8.10, 8.0.5, 8.1.1
0 Dependent packages
2 Dependent repositories
13,451 Downloads total

Affected Version Ranges

All affected versions

8.0.0, 8.0.0-beta.1, 8.0.0-rc.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.0-beta.1, 8.1.0-rc.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 9.0.0, 9.0.0-alpha.1, 9.0.0-beta.1, 9.0.0-rc.1, 9.0.1, 9.0.2

All unaffected versions

Impact

Remote code execution through SQL injection and arbitrary file write in back office

Patches

1.7.8.10
8.0.5
8.1.1

Found by

Truff (via yeswehack)

Workarounds

none

References

none
