
Truff77

#15250 of 53,624
17.6 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)
PT-2023-22772
7.7
2023-04-25
Unknown · Prestashop · CVE-2023-30545
**Name of the Vulnerable Software and Affected Versions**

PrestaShop versions prior to 8.0.4
PrestaShop versions prior to 1.7.8.9

**Description**

PrestaShop is an open source e-commerce web application. A user with access to the SQL Manager can read any file on the operating system by using the SQL function `LOAD_FILE` in a `SELECT` request, giving access to critical information.

**Recommendations**

For PrestaShop versions prior to 8.0.4, update to version 8.0.4 to resolve the issue. For PrestaShop versions prior to 1.7.8.9, update to version 1.7.8.9 to resolve the issue. As a temporary workaround, consider restricting access to the SQL Manager (Advanced Options -> Database) to minimize the risk of exploitation.
PT-2023-22994
9.9
2023-04-25
Unknown · Prestashop · CVE-2023-30839
**Name of the Vulnerable Software and Affected Versions**

PrestaShop versions prior to 8.0.4
PrestaShop versions prior to 1.7.8.9

**Description**

The issue is a SQL filtering vulnerability that allows a back office (BO) user to write, update, and delete in the database, even without having specific rights. There are no known workarounds for this issue.

**Recommendations**

For PrestaShop versions prior to 8.0.4, update to version 8.0.4 to resolve the issue. For PrestaShop versions prior to 1.7.8.9, update to version 1.7.8.9 to resolve the issue.