GHSA-75p5-jwx4-qw9h

Source

https://github.com/advisories/GHSA-75p5-jwx4-qw9h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-75p5-jwx4-qw9h/GHSA-75p5-jwx4-qw9h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-75p5-jwx4-qw9h

Aliases

Published

2023-08-09T14:34:42Z

Modified

2024-02-16T08:22:40.192832Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVSS Calculator

Summary

PrestaShop boolean SQL injection

Details

Impact

SQL injection possible in product search field, in BO's product page

Patches

8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

none

References

none

Database specific

{
    "nvd_published_at": "2023-08-07T20:15:10Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-09T14:34:42Z"
}

References

Affected packages

Packagist / prestashop/prestashop

Package

Name: prestashop/prestashop
Purl: pkg:composer/prestashop/prestashop

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1

Affected versions

1.*

1.7.0.0-beta.1.0

1.7.0.0-beta.2.0

1.7.0.0-beta.3.0

1.7.0.0-beta.4.0

1.7.0.0-rc.0.0

1.7.0.0-rc.1.0

1.7.0.0-rc.2.0

1.7.0.0

1.7.0.1

1.7.0.2

1.7.0.3

1.7.0.4

1.7.0.5

1.7.0.6

1.7.1.0

1.7.1.1

1.7.1.2

1.7.2.0-rc.1.0

1.7.2.0

1.7.2.1

1.7.2.2

1.7.2.3

1.7.2.4

1.7.2.5

1.7.3.0

1.7.3.1

1.7.3.2

1.7.3.3

1.7.3.4

1.7.4.0-beta.1

1.7.4.0

1.7.4.1

1.7.4.2

1.7.4.3

1.7.4.4

1.7.5.0-beta.1

1.7.5.0-rc.1

1.7.5.0

1.7.5.1

1.7.5.2

1.7.6.0-beta.1

1.7.6.0-rc.1

1.7.6.0-rc.2

1.7.6.0

1.7.6.1

1.7.6.2

1.7.6.3

1.7.6.4

1.7.6.5

1.7.6.6

1.7.6.7

1.7.6.8

1.7.6.9

1.7.7.0-beta.1

1.7.7.0-beta.2

1.7.7.0-rc.1

1.7.7.0

1.7.7.1

1.7.7.2

1.7.7.3

1.7.7.4

1.7.7.5

1.7.7.6

1.7.7.7

1.7.7.8

1.7.8.0-beta.1

1.7.8.0-rc.1

1.7.8.0

1.7.8.1

1.7.8.2

1.7.8.3

1.7.8.4

1.7.8.5

1.7.8.6

1.7.8.7

1.7.8.8

1.7.8.9

1.7.8.10

1.7.8.11

8.*

8.0.0-beta.1

8.0.0-rc.1

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.1.0-beta.1

8.1.0-rc.1

8.1.0

Database specific

{
    "last_known_affected_version_range": "<= 8.1.0"
}