CVE-2023-39526

PrestaShopSQL manager vulnerability (potential RCE)

CVSS 9.1 CRITICALEPSS 1.3%CWE-89

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

PrestaShop · PrestaShop

PoCs públicas encontradas — 1

githubgithub.com/dnkhack/fixcve2023_39526_2023_39527★ 3

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc