Description

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Remediation

References

CVE-2023-39526

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2016-2390)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757)

Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.11)

WordPress Plugin Excel-Like Price Changer for WooCommerce and WP E-commerce-Light Multiple Vulnerabilities (2.1.5)

WordPress Plugin Admin Columns Pro Cross-Site Scripting (5.5.1)

Severity

Critical

Classification

CVE-2023-39526 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities