Critical severity · NVD Advisory · Published Apr 25, 2023 · Updated Feb 3, 2025
PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"
CVE-2023-30839
Description
PrestaShop is an open source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A back office (BO) user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/prestashop (Packagist) | >= 8.0.0, < 8.0.4 | 8.0.4 |
| prestashop/prestashop (Packagist) | < 1.7.8.9 | 1.7.8.9 |
Affected products
- Range: >= 8.0.0, < 8.0.4
References
- github.com/advisories/GHSA-p379-cxqh-q822
- nvd.nist.gov/vuln/detail/CVE-2023-30839
- github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
- github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
- github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822