CRITICAL🇵🇱 Wersja polska

CVE-2023-39526

CVSS 9.1v3.1pub. 2023-08-07upd. 2024-11-21

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Prestashop

    APP
    Prestashop
    8.1.0< 1.7.8.108.0.0 – 8.0.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2024-34716CRITICAL9.6PL ✓ten sam produkt

XSS w PrestaShop umożliwiający przejęcie sesji administratora

CVE-2023-30149CRITICAL9.8ten sam produkt

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, ...

CVE-2023-30839CRITICAL9.9ten sam produkt

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL fil...

CVE-2022-31181CRITICAL9.8ten sam produkt

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is s...

CVE-2022-21686CRITICAL9.0ten sam produkt

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8....