CRITICAL🇬🇧 English

CVE-2022-21686

CVSS 9.0v3.1pub. 2022-01-26upd. 2024-11-21

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Prestashop

    APP
    Prestashop
    1.7.0.0 – 1.7.8.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-34716CRITICAL9.6PL ✓ten sam produkt

XSS w PrestaShop umożliwiający przejęcie sesji administratora

CVE-2023-39526CRITICAL9.1ten sam produkt

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vuln...

CVE-2023-30149CRITICAL9.8ten sam produkt

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, ...

CVE-2023-30839CRITICAL9.9ten sam produkt

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL fil...

CVE-2022-31181CRITICAL9.8ten sam produkt

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is s...