CVE-2021-21302

Опубликовано: 26 фев. 2021

Источник: nvd

CVSS3: 6.8

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/782b1368aa4e94dafe28f57485bffbd8893fbb1e
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rw4-2p99-cmx9
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/782b1368aa4e94dafe28f57485bffbd8893fbb1e
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rw4-2p99-cmx9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.5.0.0 (исключая) до 1.7.7.2 (исключая)

EPSS

Процентиль: 64%

0.0047

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

CWE-1236

EPSS

Процентиль: 64%

0.0047

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

CWE-1236