First published: Tue Apr 25 2023
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A Back Office (BO) user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | <1.7.8.9 | |
Prestashop Prestashop | >=8.0.0 <8.0.4 | |
CVE-2023-30839 is a vulnerability in PrestaShop that allows a BO user to write, update, and delete in the database, even without having specific rights.
CVE-2023-30839 has a severity rating of critical with a CVSS score of 8.8.
CVE-2023-30839 allows an attacker with Back Office (BO) user access to manipulate the database without proper authorization, potentially leading to unauthorized actions and data breaches.
Versions prior to 8.0.4 and 1.7.8.9 of PrestaShop are affected by CVE-2023-30839.
To fix CVE-2023-30839, update PrestaShop to version 8.0.4 or 1.7.8.9, both of which contain a patch for this vulnerability.