← Volver a CVEs

CVE-2023-39526

CRITICAL

9.1

Descripcion

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Detalles CVE

Puntuacion CVSS v3.19.1

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioNONE

Publicado8/7/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

prestashop:prestashop

Debilidades (CWE)

CWE-89

Referencias

https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09(security-advisories@github.com)

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc(security-advisories@github.com)

https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.