CRITICAL🇵🇱 Wersja polska

CVE-2022-31181

CVSS 9.8v3.1pub. 2022-08-01upd. 2024-11-21

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Prestashop

    APP
    Prestashop
    1.6.0.10 – 1.7.8.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34716CRITICAL9.6PL ✓ten sam produkt

XSS w PrestaShop umożliwiający przejęcie sesji administratora

CVE-2023-39526CRITICAL9.1ten sam produkt

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vuln...

CVE-2023-30149CRITICAL9.8ten sam produkt

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, ...

CVE-2023-30839CRITICAL9.9ten sam produkt

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL fil...

CVE-2022-21686CRITICAL9.0ten sam produkt

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8....

CVE-2022-31181 — Prestashop — CRITICAL — CVSS 9.8 | CVEbaza.pl