CVE-2022-21686

Опубликовано: 26 янв. 2022

Источник: nvd

CVSS3: 9

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
Release Notes
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.7.0.0 (включая) до 1.7.8.3 (включая)

EPSS

Процентиль: 70%

0.00625

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-mrq4-7ch7-2465

CVSS3: 9

github

около 4 лет назад

Server Side Twig Template Injection

EPSS

Процентиль: 70%

0.00625

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94