Critical severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
Remote code execution in prestashop
CVE-2022-31181
Description
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
prestashop/prestashopPackagist | >= 1.6.0.10, < 1.7.8.7 | 1.7.8.7 |
Affected products
1- Range: >= 1.6.0.10, < 1.7.8.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-hrgx-p36p-89q4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31181ghsaADVISORY
- github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804ghsax_refsource_MISCWEB
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7ghsax_refsource_MISCWEB
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.