Lucene search

K
cvelistGitHub_MCVELIST:CVE-2022-31101
HistoryJun 27, 2022 - 10:15 p.m.

CVE-2022-31101 SQL Injection in prestashop/blockwishlist

2022-06-2722:15:20
CWE-89
GitHub_M
www.cve.org
1
cve-2022-31101
sql injection
prestashop
blockwishlist extension
authenticated customer
upgrade

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

9

Confidence

High

EPSS

0.01

Percentile

84.2%

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

CNA Affected

[
  {
    "product": "blockwishlist",
    "vendor": "PrestaShop",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.1.1"
      }
    ]
  }
]

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

9

Confidence

High

EPSS

0.01

Percentile

84.2%