CVE-2022-31181

Published: 01/08/2022 Updated: 27/09/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and prior to 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

Vulnerable Product

prestashop prestashop

Github Repositories

Module for PrestaShop 1.6.1.X/1.7.X to fix CVE-2022-31181 / CVE-2022-36408 vulnerability (Chain SQL Injection)

LabelGrup Networks, official PrestaShop Partner Module for PrestaShop 1.6.1.X and 1.7.X to fix CVE-2022-36408 / CVE-2022-31181 vulnerability (Chain SQL Injection). For further information, check the following links: CVE: nvd.nist.gov/vuln/detail/CVE-2022-36408 CVE (GitHub): cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31181 GitHub: github.com/PrestaS
