First published: Tue Dec 07 2021
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >=1.7.5.0 <1.7.8.2 | |
The vulnerability is identified as CVE-2021-43789.
The severity of CVE-2021-43789 is critical with a CVSS score of 9.8.
Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters.
To fix CVE-2021-43789, update your PrestaShop installation to version 1.7.8.2 or later.
Additional information about CVE-2021-43789 can be found on the PrestaShop GitHub page and the PrestaShop security advisories page.
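The injection points named in the description are the `orderBy` and `sortOrder` search-filter parameters. The following is an added example, not PrestaShop's code or its actual patch, of the general allowlist defence for sort parameters, which cannot be bound as prepared-statement values; the column map and the function name `buildOrderByClause` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical map of public sort keys to real column names
// (an assumption for this example, not PrestaShop's schema).
const SORTABLE_COLUMNS = [
    'id'    => 'p.id_product',
    'name'  => 'pl.name',
    'price' => 'p.price',
];

/**
 * Build an ORDER BY clause from request parameters.
 * Both values are resolved against fixed allowlists, so the raw
 * request input is never concatenated into the SQL string.
 */
function buildOrderByClause(array $params): string
{
    $orderBy   = $params['orderBy'] ?? 'id';
    $sortOrder = $params['sortOrder'] ?? 'asc';

    // Reject arrays and other non-string input (for example orderBy[]=x).
    if (!is_string($orderBy) || !is_string($sortOrder)) {
        throw new InvalidArgumentException('orderBy and sortOrder must be strings');
    }
    if (!array_key_exists($orderBy, SORTABLE_COLUMNS)) {
        throw new InvalidArgumentException('Unsupported orderBy value');
    }
    $direction = strtoupper($sortOrder);
    if ($direction !== 'ASC' && $direction !== 'DESC') {
        throw new InvalidArgumentException('Unsupported sortOrder value');
    }
    // Only allowlisted constants reach the clause.
    return sprintf('ORDER BY %s %s', SORTABLE_COLUMNS[$orderBy], $direction);
}

// Constructed sample requests: two valid, two that must be rejected.
$samples = [
    ['orderBy' => 'price', 'sortOrder' => 'desc'],
    ['orderBy' => 'name'],
    ['orderBy' => 'not_a_column', 'sortOrder' => 'asc'],
    ['orderBy' => 'price', 'sortOrder' => 'sideways'],
];
foreach ($samples as $sample) {
    try {
        echo buildOrderByClause($sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```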