Prestashop is vulnerable to SQL injection. The vulnerability is due to the file config/smarty.config.inc.php
improperly neutralizing SQL code. An attacker can chain this vulnerability to then call the PHP eval
function, executing arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
prestashop/prestashop | le | 1.7.8.6 | |
prestashop/prestashop | le | 1.7.8.6 |
github.com/advisories/GHSA-hrgx-p36p-89q4
github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
github.com/PrestaShop/PrestaShop/commit/f342765697f5f980e4c6bb537f6575bf5e657077
github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4