PT-2022-15037 · Unknown · Prestashop
Brum3Ns · Published 2022-01-26 · Updated 2022-02-04 · CVE-2022-21686
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PrestaShop versions 1.7.0.0 through 1.7.8.3
Description
PrestaShop is an open source e-commerce platform. An attacker is able to inject Twig code inside the back office when using the legacy layout.
Recommendations
For versions 1.7.0.0 through 1.7.8.3, update to version 1.7.8.3 or later to resolve the issue.
As a temporary workaround, consider disabling the legacy layout until a patch is available.
Exploit
Fix
Code Injection
Affected Products
Prestashop