← back
CVE-2020-15160

Blind SQL Injection in PrestaShop

EPSS 10.8%CWE-89
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8
Affected products
PrestaShop · PrestaShop
public PoCs found2
cve_referencepacketstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49755unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.htmlhttps://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826g