CVE-2021-43789

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2.

Ссылки

https://github.com/PrestaShop/PrestaShop/issues/26623
Issue Tracking
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/issues/26623
Issue Tracking
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.7.5.0 (включая) до 1.7.8.2 (исключая)

EPSS

Процентиль: 94%

0.13034

Средний

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6xxj-gcjq-wgf4

CVSS3: 7.5

github

около 4 лет назад

SQL injection in prestashop/prestashop

EPSS

Процентиль: 94%

0.13034

Средний

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89