Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1wMzc5LWN4cWgtcTgyMs4AAy9f

Critical EPSS: 0.06182% (0.90379 Percentile) EPSS:
Permalink JSON

SQL filter bypass leading to arbitrary write requests using "SQL Manager"

Affected Packages Affected Versions Fixed Versions
packagist:prestashop/prestashop < 1.7.8.9, >= 8.0.0, < 8.0.4 1.7.8.9, 8.0.4
0 Dependent packages
2 Dependent repositories
10,876 Downloads total

Affected Version Ranges

All affected versions

8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0, 8.2.1, 9.0.0

All unaffected versions

Impact

SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights.

Patches

PrestaShop 8.0.4 and 1.7.8.9 will contain the patch.

Workarounds

no

References

no

References:

Identifiers

GHSA-p379-cxqh-q822

CVE-2023-30839

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.06182

EPSS Percentile: 0.90379

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PrestaShop/PrestaShop

Date and time

Published

over 2 years ago

Updated

over 1 year ago

API

JSON