CVE-2021-43789

State: PUBLISHED · Published: 2021-12-07 · Updated: 2024-08-04 · Assigner: GitHub_M

Description

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

CWE

CWE-89 — CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected

PrestaShop / PrestaShop — v=>= 1.7.5.0, <= 1.7.8.1 [affected]

CVSS

3.1 score=7.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4 x_refsource_CONFIRM
https://github.com/PrestaShop/PrestaShop/issues/26623 x_refsource_MISC
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2 x_refsource_MISC

Source

cvelistV5-main/cves/2021/43xxx/CVE-2021-43789.json