CVE-2023-39526
published 2023-08-07

Priority: P263
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.34% (67.8th percentile)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prestashop | prestashop | < 1.7.8.10 | 1.7.8.10 |
| prestashop | prestashop | | |
| prestashop | prestashop | | |
| prestashop | prestashop | | |
| prestashop | prestashop | >= 0 < 1.7.8.10 | 1.7.8.10 |
| prestashop | prestashop | >= 8.0.0 < 8.0.5 | 8.0.5 |
| prestashop | prestashop | >= 8.0.0 < 8.0.5 | 8.0.5 |
| prestashop | prestashop | >= 8.1.0 < 8.1.1 | 8.1.1 |