Critical severityNVD Advisory· Published Aug 7, 2023· Updated Oct 10, 2024

PrestaShopSQL manager vulnerability (potential RCE)

CVE-2023-39526

Description

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
prestashop/prestashopPackagist	>= 8.1.0, < 8.1.1	8.1.1
prestashop/prestashopPackagist	>= 8.0.0, < 8.0.5	8.0.5
prestashop/prestashopPackagist	< 1.7.8.10	1.7.8.10

Affected products

Prestashop/Prestashopv5
Range: < 1.7.8.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-gf46-prm4-56pcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-39526ghsaADVISORY
github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09ghsax_refsource_MISCWEB
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pcghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000