Critical severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
Remote code execution in prestashop
CVE-2022-31181
Description
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
prestashop/prestashopPackagist | >= 1.6.0.10, < 1.7.8.7 | 1.7.8.7 |
Affected products
2- Range: >= 1.6.0.10, < 1.7.8.7
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hrgx-p36p-89q4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31181ghsaADVISORY
- github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804ghsax_refsource_MISCWEB
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7ghsax_refsource_MISCWEB
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.