CVE-2021-43789

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2.

Published: Dec 7, 2021
Updated: May 9, 2024
CVE: CVE-2021-43789
GHSA: GHSA-6xxj-gcjq-wgf4
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	1.7.5.0	1.7.8.2
prestashop / prestashop	1.7.5.0	1.7.8.2

https://cwe.mitre.org/data/definitions/89.html
https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
https://github.com/PrestaShop/PrestaShop/issues/26623
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4

Vulnerability Database

CVE-2021-43789

Deep Security Visibility Without the Complexity