CVE-2021-43789
Published 2021-12-07
Priority: P259, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.13% (89.6th percentile)
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prestashop | prestashop | — | — |
| prestashop | prestashop | >= 1.7.5.0 < 1.7.8.2 | 1.7.8.2 |
| prestashop | prestashop | >= 1.7.5.0 < 1.7.8.2 | 1.7.8.2 |
CVSS provenance
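| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |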
GHSA
SQL injection in prestashop/prestashop
ghsa·2021-12-07
CVE-2021-43789 [HIGH] CWE-89 SQL injection in prestashop/prestashop
### Impact
Blind SQLi using Search filters with `orderBy` and `sortOrder` parameters
### Patches
The problem is fixed in 1.7.8.2
OSV
SQL injection in prestashop/prestashop
osv·2021-12-07
CVE-2021-43789 [HIGH] SQL injection in prestashop/prestashop
### Impact
Blind SQLi using Search filters with `orderBy` and `sortOrder` parameters
### Patches
The problem is fixed in 1.7.8.2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/PrestaShop/PrestaShop/issues/26623
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
Published: 2021-12-07