Lucene search
Veracode Vulnerability DatabaseVERACODE:36550HistoryAug 01, 2022 - 2:56 p.m.
SQL Injection
2022-08-0114:56:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
27
0.002 Low
EPSS
Percentile
59.0%
Prestashop is vulnerable to SQL injection. The vulnerability is due to the file config/smarty.config.inc.php improperly neutralizing SQL code. An attacker can chain this vulnerability to then call the PHP eval function, executing arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop/prestashop | le | 1.7.8.6 | |
| prestashop/prestashop | le | 1.7.8.6 |
References
github.com/advisories/GHSA-hrgx-p36p-89q4
github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
github.com/PrestaShop/PrestaShop/commit/f342765697f5f980e4c6bb537f6575bf5e657077
github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
Related
veracode
veracode
SQL Injection
2022-07-25 19:23:57
osv
osv
CVE-2022-31181
2022-08-01 20:15:08
PrestaShop eval injection possible if shop vulnerable to SQL injection
2022-07-29 22:27:27
github
github
PrestaShop eval injection possible if shop vulnerable to SQL injection
2022-07-29 22:27:27
cve
cve
CVE-2022-31181
2022-08-01 20:15:08
CVE-2022-36408
2022-07-22 22:15:08
prion
prion
Sql injection
2022-08-01 20:15:00
cvelist
cvelist
CVE-2022-31181 Remote code execution in prestashop
2022-08-01 19:30:16
nvd
nvd
CVE-2022-31181
2022-08-01 20:15:08
CVE-2022-36408
2022-07-22 22:15:08
attackerkb
attackerkb
CVE-2022-36408
2022-07-22 00:00:00