Atomiix

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 1.7.8.8 **Description** PrestaShop is an open-source e-commerce solution where versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. This could allow users to view the contents of the upload directory without appropriate permissions. The issue has been addressed, and users are advised to upgrade. **Recommendations** For PrestaShop versions prior to 1.7.8.8, upgrade to version 1.7.8.8 to resolve the issue. As a temporary workaround, consider restricting access to the upload directory until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** PrestaShop module versions prior to 5.0.2 **Description** The issue allows an attacker to steal an administrator's cookie, potentially leading to unauthorized access. The problem is related to improper neutralization of input during web page generation, which can facilitate cross-site scripting attacks. **Recommendations** For versions prior to 5.0.2, update to version 5.0.2 to resolve the issue. As a temporary workaround, consider restricting access to administrator accounts until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.6.0.10 through 1.7.8.7 **Description** The issue is related to an SQL injection vulnerability in PrestaShop, an Open Source e-commerce platform. This vulnerability can be chained to call PHP's Eval function on attacker input, potentially allowing a remote attacker to execute arbitrary code. The problem is fixed in version 1.7.8.7. **Recommendations** For PrestaShop versions 1.6.0.10 through 1.7.8.7, upgrade to version 1.7.8.7 to resolve the issue. For users unable to upgrade, delete the MySQL Smarty cache feature by removing the specified lines in the file `config/smarty.config.inc.php` to mitigate the risk. Specifically, remove lines 43-46 for PrestaShop 1.7 or lines 40-43 for PrestaShop 1.6.

**Name of the Vulnerable Software and Affected Versions** prestashop/blockwishlist versions prior to 2.1.1 **Description** The issue allows an authenticated customer to perform SQL injection. This can be exploited by an attacker to extract or modify sensitive data. The problem is related to the functionality of the prestashop/blockwishlist extension, which adds a block containing the customer's wishlists. **Recommendations** For versions prior to 2.1.1, upgrade to version 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the wishlist block to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ps emailsubscription versions prior to 2.6.1 **Description** The issue allows an employee to inject javascript in the newsletter condition field, which will then be executed on the front office. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the newsletter condition field to prevent potential javascript injection until the update is applied.