PT-2022-3994 · Unknown · Prestashop

Atomiix · Published 2022-07-29 · Updated 2025-10-11 · CVE-2022-31181

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PrestaShop versions 1.6.0.10 through 1.7.8.7

Description

The issue is an SQL injection vulnerability in PrestaShop, an open-source e-commerce platform. It can be chained to call PHP's eval function on attacker input, potentially allowing a remote attacker to execute arbitrary code. The problem is fixed in version 1.7.8.7.

Recommendations

For PrestaShop versions 1.6.0.10 through 1.7.8.7, upgrade to version 1.7.8.7 to resolve the issue. Users unable to upgrade can mitigate the risk by removing the MySQL Smarty cache feature: delete lines 43-46 of config/smarty.config.inc.php for PrestaShop 1.7, or lines 40-43 for PrestaShop 1.6.

Exploit

Fix

Eval Injection

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-04827
CVE-2022-31181
GHSA-HRGX-P36P-89Q4

Affected Products

Prestashop