PT-2023-22994 · Unknown · Prestashop

Truff77 · Published 2023-04-25 · Updated 2024-03-06 · CVE-2023-30839

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PrestaShop versions prior to 8.0.4
PrestaShop versions prior to 1.7.8.9

Description

The issue is a SQL filtering vulnerability that allows a BO (back office) user to write, update, and delete in the database, even without having specific rights. There are no known workarounds for this issue.

Recommendations

For PrestaShop versions prior to 8.0.4, update to version 8.0.4 to resolve the issue.
For PrestaShop versions prior to 1.7.8.9, update to version 1.7.8.9 to resolve the issue.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BIT-PRESTASHOP-2023-30839
CVE-2023-30839
GHSA-P379-CXQH-Q822

Affected Products

Prestashop