logo

Database

SQL injection - Code In prestashop/prestashop

Description

SQL injection in prestashop/prestashop

Impact

Blind SQLi using Search filters with orderBy and sortOrder parameters

Patches

The problem is fixed in 1.7.8.2

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-437892. NVD-2021-437893. OSV-2021-437894. GHSA-6xxj-gcjq-wgf45. GCVE-2021-43789

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf42. https://github.com/PrestaShop/PrestaShop/issues/266233. https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d64. https://cwe.mitre.org/data/definitions/89.html5. https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.