First published: Mon Aug 07 2023
### Impact

Remote code execution through SQL injection and arbitrary file write in back office

### Patches

1.7.8.10
8.0.5
8.1.1

### Found by

Truff (via yeswehack)

### Workarounds

none

### References

none
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | <1.7.8.10 | |
Prestashop Prestashop | >=8.0.0 <8.0.5 | |
Prestashop Prestashop | =8.1.0 | |
The vulnerability ID of this issue is CVE-2023-39526.
The impact of this vulnerability is remote code execution through SQL injection and arbitrary file write in the back office.
Affected PrestaShop versions are those before 1.7.8.10, 8.0.x versions before 8.0.5, and 8.1.0; the patched releases are 1.7.8.10, 8.0.5, and 8.1.1.
There are no known workarounds for this vulnerability.
You can find more information about this vulnerability at the following references: [GitHub advisory GHSA-gf46-prm4-56pc](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc), [NVD entry for CVE-2023-39526](https://nvd.nist.gov/vuln/detail/CVE-2023-39526), [PrestaShop commit 817847e](https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09).