First published: Fri Feb 26 2021
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >1.5.0.0<1.7.7.2 | |
CVE-2021-21302 is a CSV Injection vulnerability in PrestaShop before version 1.7.2, possible by using shop search keywords via the admin panel.
PrestaShop versions between 1.5.0.0 and 1.7.7.1 are affected by CVE-2021-21302.
CVE-2021-21302 has a severity score of 7.2 (High).
You can fix CVE-2021-21302 by upgrading to version 1.7.7.2 of PrestaShop.
You can find more information about CVE-2021-21302 on the following references: [GitHub Commit](https://github.com/PrestaShop/PrestaShop/commit/782b1368aa4e94dafe28f57485bffbd8893fbb1e), [GitHub Release](https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2), [GitHub Security Advisory](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rw4-2p99-cmx9).