CVE-2023-39526
published 2023-08-07
CVE-2023-39526: PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL…
Priority: P263 | critical | 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.34% (67.8th percentile)
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prestashop | prestashop | < 1.7.8.10 | 1.7.8.10 |
| prestashop | prestashop | — | — |
| prestashop | prestashop | — | — |
| prestashop | prestashop | — | — |
| prestashop | prestashop | >= 0 < 1.7.8.10 | 1.7.8.10 |
| prestashop | prestashop | >= 8.0.0 < 8.0.5 | 8.0.5 |
| prestashop | prestashop | >= 8.0.0 < 8.0.5 | 8.0.5 |
| prestashop | prestashop | >= 8.1.0 < 8.1.1 | 8.1.1 |
GHSA
PrestaShop SQL manager vulnerability
ghsa·2023-08-09
CVE-2023-39526 [CRITICAL] CWE-89 PrestaShop SQL manager vulnerability
### Impact
Remote code execution through SQL injection and arbitrary file write in back office
### Patches
1.7.8.10
8.0.5
8.1.1
### Found by
Truff (via yeswehack)
### Workarounds
none
### References
none
OSV
PrestaShop SQL manager vulnerability
osv·2023-08-09
CVE-2023-39526 [CRITICAL] PrestaShop SQL manager vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
2023-08-07
Published