CVE-2020-15160
Published 2020-09-24
Priority P266 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 10.81% (95.3th percentile)
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL injection attack in the Catalog Product edition page through the location parameter. The problem is fixed in 1.7.6.8.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prestashop | prestashop | — | — |
| prestashop | prestashop | >= 1.7.5.0 < 1.7.6.8 | 1.7.6.8 |
Detection & IOCs (extracted from sources)
- Monitor POST requests to the PrestaShop admin Catalog Product edition page for SQL injection patterns in the `form[step3][location]` parameter, specifically payloads containing bitwise OR with ascii/substr/regexp constructs (e.g., `0'|(...regexp...)#`).
- Blind SQLi is performed by iterating over character positions (range 1–40) using `ascii(substr(...))` with a regexp-based boolean oracle; detect repeated near-identical POST requests to the product edit endpoint differing only in the location field value.
- The exploit targets extraction of the `passwd` column from the `ps_employee` table; alert on SQL fragments referencing `ps_employee` in HTTP POST body parameters.
- The vulnerability affects PrestaShop versions 1.7.5.0 through 1.7.6.7 only; version 1.7.6.8 is patched. Detection rules should be scoped to unpatched instances.
- Exploitation requires authenticated admin access to the back-office Catalog Product edition page; unauthenticated detection rules will produce false negatives.
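The three request-level checks above can be combined into one pass over captured POST bodies; the sketch below is an added example, not part of the original record or of any PrestaShop tooling. It assumes a WAF or reverse proxy already logs request bodies; the record layout, the back-office path, the `BURST` threshold and the sample values are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode

PARAM = "form[step3][location]"  # parameter named in the record
# Constructs the record lists: quote + bitwise OR, ascii(), substr(), regexp
SQLI = re.compile(r"'\s*\||ascii\s*\(|substr(ing)?\s*\(|\bregexp\b", re.I)
SENSITIVE = re.compile(r"ps_employee", re.I)
BURST = 5  # assumed threshold: distinct location values per client and URL

def analyze(records):
    """records: iterable of (client, path, urlencoded_body) for POST requests.
    Returns a sorted list of (client, path, reason) alerts."""
    alerts = set()
    variants = defaultdict(set)  # (client, path, other fields) -> location values
    for client, path, body in records:
        fields = parse_qsl(body, keep_blank_values=True)
        loc = [v for k, v in fields if k == PARAM]
        if not loc:
            continue
        value = loc[0]
        if SQLI.search(value):
            alerts.add((client, path, "sqli-pattern"))
        if SENSITIVE.search(value):
            alerts.add((client, path, "employee-table"))
        # Group requests whose every other field is identical
        rest = tuple(sorted((k, v) for k, v in fields if k != PARAM))
        variants[(client, path, rest)].add(value)
    for (client, path, _), values in variants.items():
        if len(values) >= BURST:
            alerts.add((client, path, "location-only-burst"))
    return sorted(alerts)

def sample():
    """Constructed records: one normal edit, six oracle-style requests."""
    url = "/admin/sell/catalog/products/12"  # constructed path, not from the record
    recs = [("10.0.0.5", url, urlencode({"form[step1][name]": "Mug", PARAM: "Aisle 4"}))]
    for pos in range(1, 7):
        v = f"0'|(ascii(substr(<elided subquery on ps_employee>,{pos},1)) regexp <elided>)#"
        recs.append(("10.0.0.9", url, urlencode({"form[step1][name]": "Mug", PARAM: v})))
    return recs

if __name__ == "__main__":
    for alert in analyze(sample()):
        print(alert)
```

The burst check still fires when a payload is encoded to slip past the pattern checks, because it only compares requests that are identical apart from the location value.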
CVSS provenance
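| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |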
- http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.html
- https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826g