GHSA-hrgx-p36p-89q4

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-hrgx-p36p-89q4/GHSA-hrgx-p36p-89q4.json
Aliases
  • CVE-2022-31181
Published
2022-07-29T22:27:27Z
Modified
2022-07-29T22:27:27Z
Details

Impact

Eval injection possible if the shop is vulnerable to an SQL injection.

Patches

The problem is fixed in version 1.7.8.7

Workarounds

Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}
References

Affected packages

Packagist / prestashop/prestashop

prestashop/prestashop

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0.10
Fixed
1.7.8.7

Affected versions