5 matches found
PrestaShop - SQL Injection to Eval Injection
PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...
CVE-2022-31181
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
CVE-2022-31181
PrestaShop versions 1.6.0.10 through 1.7.8.7 contain an SQL injection flaw caused by unsanitized user input, which can be chained to call PHP’s Eval function. The vulnerability can lead to remote code execution and is fixed in 1.7.8.7. Upgrading to 1.7.8.7 or later is the recommended remediation;...
CVE-2022-31181 Remote code execution in prestashop
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
CVE-2022-36408
CVE-2022-36408 is rejected/not used; reference CVE-2022-31181 instead.