Description
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
References
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 1.7.8.9 (excluding)
Version from 8.0.0 (including) to 8.0.4 (excluding)
One of
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.09377
Low
9.9 Critical
CVSS3
8.8 High
CVSS3
Weaknesses
CWE-89
CWE-89
Related vulnerabilities
CVSS3: 9.9
github
almost 3 years ago
SQL filter bypass leading to arbitrary write requests using "SQL Manager"