logo

Database

SQL injection - Code In prestashop/prestashop

Description

PrestaShop SQL manager vulnerability

Impact

Remote code execution through SQL injection and arbitrary file write in back office

Patches

1.7.8.10 8.0.5 8.1.1

Found by

Truff (via yeswehack)

Workarounds

none

References

none

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-395262. NVD-2023-395263. OSV-2023-395264. GHSA-gf46-prm4-56pc5. GCVE-2023-39526

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc2. https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c093. https://github.com/dnkhack/fixcve2023_39526_2023_39527

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.