First published: Mon Jun 27 2022(Updated: )
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Blockwishlist | <2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-31101 is a vulnerability in the Prestashop Blockwishlist extension that allows authenticated customers to perform SQL injection.
CVE-2022-31101 has a severity rating of 8.8 (high).
The Prestashop Blockwishlist extension versions up to and excluding 2.1.1 are affected by CVE-2022-31101.
To fix CVE-2022-31101, users are advised to upgrade to version 2.1.1 of the Prestashop Blockwishlist extension.
There are no known workarounds for CVE-2022-31101.