CVE-2022-31101

Name of the Vulnerable Software and Affected Versions prestashop/blockwishlist versions prior to 2.1.1

Description The issue allows an authenticated customer to perform SQL injection. This can be exploited by an attacker to extract or modify sensitive data. The problem is related to the functionality of the prestashop/blockwishlist extension, which adds a block containing the customer's wishlists.

Recommendations For versions prior to 2.1.1, upgrade to version 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the wishlist block to minimize the risk of exploitation.