High severity · NVD Advisory · Published Dec 7, 2021 · Updated Aug 4, 2024
Blind SQLi using Search filters in PrestaShop
CVE-2021-43789
Description
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/prestashop (Packagist) | >= 1.7.5.0, < 1.7.8.2 | 1.7.8.2 |
Affected products
- Range: >= 1.7.5.0, <= 1.7.8.1
References
- github.com/advisories/GHSA-6xxj-gcjq-wgf4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-43789 (ghsa, ADVISORY)
- cwe.mitre.org/data/definitions/89.html (ghsa, WEB)
- github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6 (ghsa, WEB)
- github.com/PrestaShop/PrestaShop/issues/26623 (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2 (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4 (ghsa, x_refsource_CONFIRM, WEB)