GHSA-hrgx-p36p-89q4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hrgx-p36p-89q4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-hrgx-p36p-89q4/GHSA-hrgx-p36p-89q4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hrgx-p36p-89q4
- Aliases
- Published
- 2022-07-29T22:27:27Z
- Modified
- 2023-11-08T04:09:29.075917Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- PrestaShop eval injection possible if shop vulnerable to SQL injection
- Details
-
Impact
Eval injection possible if the shop is vulnerable to an SQL injection.
Patches
The problem is fixed in version 1.7.8.7
Workarounds
Delete the MySQL Smarty cache feature by removing these lines in the file
config/smarty.config.inc.phplines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php'; $smarty->caching_type = 'mysql'; } - Database specific
{ "nvd_published_at": "2022-08-01T20:15:00Z", "github_reviewed_at": "2022-07-29T22:27:27Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-89", "CWE-95" ] }- References
-
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
- https://nvd.nist.gov/vuln/detail/CVE-2022-31181
- https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
- https://github.com/PrestaShop/PrestaShop
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
Affected packages
Packagist / prestashop/prestashop
Package
- Name
- prestashop/prestashop
- Purl
- pkg:composer/prestashop/prestashop
Affected versions
1.*
1.7.0.0-beta.1.0
1.7.0.0-beta.2.0
1.7.0.0-beta.3.0
1.7.0.0-beta.4.0
1.7.0.0-rc.0.0
1.7.0.0-rc.1.0
1.7.0.0-rc.2.0
1.7.0.0
1.7.0.1
1.7.0.2
1.7.0.3
1.7.0.4
1.7.0.5
1.7.0.6
1.7.1.0
1.7.1.1
1.7.1.2
1.7.2.0-rc.1.0
1.7.2.0
1.7.2.1
1.7.2.2
1.7.2.3
1.7.2.4
1.7.2.5
1.7.3.0
1.7.3.1
1.7.3.2
1.7.3.3
1.7.3.4
1.7.4.0-beta.1
1.7.4.0
1.7.4.1
1.7.4.2
1.7.4.3
1.7.4.4
1.7.5.0-beta.1
1.7.5.0-rc.1
1.7.5.0
1.7.5.1
1.7.5.2
1.7.6.0-beta.1
1.7.6.0-rc.1
1.7.6.0-rc.2
1.7.6.0
1.7.6.1
1.7.6.2
1.7.6.3
1.7.6.4
1.7.6.5
1.7.6.6
1.7.6.7
1.7.6.8
1.7.6.9
1.7.7.0-beta.1
1.7.7.0-beta.2
1.7.7.0-rc.1
1.7.7.0
1.7.7.1
1.7.7.2
1.7.7.3
1.7.7.4
1.7.7.5
1.7.7.6
1.7.7.7
1.7.7.8
1.7.8.0-beta.1
1.7.8.0-rc.1
1.7.8.0
1.7.8.1
1.7.8.2
1.7.8.3
1.7.8.4
1.7.8.5
1.7.8.6