CVE-2023-39526

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Published: Aug 7, 2023
Updated: May 9, 2024
CVE: CVE-2023-39526
GHSA: GHSA-gf46-prm4-56pc
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	8.1.0	8.1.0.x
prestashop / prestashop	-	1.7.8.10
prestashop / prestashop	8.0.0	8.0.5
prestashop / prestashop	8.1.0	8.1.0.x
prestashop / prestashop	8.1.0	8.1.1
prestashop / prestashop	8.0.0	8.0.5
prestashop / prestashop	-	1.7.8.10

https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc

Vulnerability Database

289,784

CVE-2023-39526