PT-2023-26997 · Unknown · Prestashop

Matthieu-Rolland

Publicado

2023-08-07

Atualizado

2024-03-06

CVE-2023-39526

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 1.7.8.10 PrestaShop versions prior to 8.0.5 PrestaShop versions prior to 8.1.1

Description PrestaShop is an open source e-commerce web application. The issue concerns remote code execution through SQL injection and arbitrary file write in the back office. There are no known workarounds.

Recommendations For versions prior to 1.7.8.10, update to version 1.7.8.10 or later. For versions prior to 8.0.5, update to version 8.0.5 or later. For versions prior to 8.1.1, update to version 8.1.1 or later.

Exploit

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

BIT-PRESTASHOP-2023-39526

CVE-2023-39526

GHSA-GF46-PRM4-56PC

Produtos afetados

Prestashop

PT-2023-26997 · Unknown · Prestashop

CVE-2023-39526

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13