Description

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Remediation

References

CVE-2023-39526

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26078)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0929)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)

WordPress Plugin VO Store Locator-WP Store Locator Unspecified Vulnerability (3.2.14)

WebLogic Improper Certificate Validation Vulnerability (CVE-2021-3450)

Severity

Critical

Classification

CVE-2023-39526 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities