9.8
CVSSv3

CVE-2022-31181

Published: 01/08/2022 | Updated: 08/08/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

PrestaShop is an open source e-commerce platform. Versions from 1.6.0.10 up to, but not including, 1.7.8.7 are subject to an SQL injection vulnerability that can be chained to call PHP's eval function on attacker input. The problem is fixed in version 1.7.8.7, and users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

Vulnerable Product

prestashop prestashop

Github Repositories

LabelGrup Networks, official PrestaShop Partner Module for PrestaShop 1.7.X to fix CVE-2022-31181 vulnerability (Chain SQL Injection). Check: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31181, github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4, build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/ Visit ou

LabelGrup Networks, official PrestaShop Partner Module for PrestaShop 1.6.1.X and 1.7.X to fix CVE-2022-36408 / CVE-2022-31181 vulnerability (Chain SQL Injection). For further information, check the following links: CVE: nvd.nist.gov/vuln/detail/CVE-2022-36408 CVE (GitHub): cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31181 GitHub: github.com/PrestaS