logo

Database

SQL injection - Code In prestashop/prestashop

Description

PrestaShop boolean SQL injection

Impact

SQL injection possible in product search field, in BO's product page

Patches

8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

none

References

none

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-395242. NVD-2023-395243. OSV-2023-395244. GHSA-75p5-jwx4-qw9h5. GCVE-2023-39524

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h2. https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.