CVE-2023-39526

Source
https://cve.org/CVERecord?id=CVE-2023-39526
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39526.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39526
Aliases
Published
2023-08-07T20:28:59.051Z
Modified
2026-07-16T09:11:43.668267629Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
PrestaShopSQL manager vulnerability (potential RCE)
Details

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39526.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type
GIT
Repo
https://github.com/prestashop/prestashop
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:prestashop:prestashop:8.1.0:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.8.10"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.5"
        },
        {
            "introduced": "8.1.0"
        },
        {
            "last_affected": "8.1.0"
        }
    ]
}

Affected versions

1.*
1.6.0.1
1.6.0.3
1.6.1.0
1.7.0.0-beta.1.0
1.7.0.0-beta.2.0
1.7.0.0-beta.4.0
1.7.0.0-rc.0.0
1.7.8.3
8.*
8.0.0-beta.1
8.0.2
8.0.4
8.1.0
= 8.*
= 8.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39526.json"