High severity · NVD Advisory · Published Dec 7, 2021 · Updated Aug 4, 2024
Blind SQLi using Search filters in PrestaShop
CVE-2021-43789
Description
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/prestashop (Packagist) | >= 1.7.5.0, < 1.7.8.2 | 1.7.8.2 |
Affected products
- Range: >= 1.7.5.0, <= 1.7.8.1
References
- github.com/advisories/GHSA-6xxj-gcjq-wgf4 [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2021-43789 [ghsa, ADVISORY]
- cwe.mitre.org/data/definitions/89.html [ghsa, WEB]
- github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6 [ghsa, WEB]
- github.com/PrestaShop/PrestaShop/issues/26623 [ghsa, x_refsource_MISC, WEB]
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2 [ghsa, x_refsource_MISC, WEB]
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4 [ghsa, x_refsource_CONFIRM, WEB]