Blind SQLi using Search filters

High
PierreRambaud published GHSA-6xxj-gcjq-wgf4 Dec 7, 2021

Package

prestashop/prestashop (Composer)

Affected versions

>= 1.7.5.0

Patched versions

1.7.8.2

Description

Impact

Blind SQL injection (SQLi) through Search filters, using the orderBy and sortOrder parameters.

Patches

The problem is fixed in 1.7.8.2.
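
The advisory names the orderBy and sortOrder parameters but does not show the fix. The following is an added example, not PrestaShop's patch or code: one common way to keep sort parameters out of the SQL text is an allow-list. The function name, the column map and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: request value => SQL column (not PrestaShop's schema).
const SORTABLE_COLUMNS = [
    'id'    => 'p.id_product',
    'name'  => 'pl.name',
    'price' => 'p.price',
];

/**
 * Build an ORDER BY clause from untrusted orderBy / sortOrder values.
 * Column names and ASC/DESC cannot be bound as prepared-statement
 * parameters, so both are mapped onto fixed strings rather than being
 * escaped or concatenated into the query.
 */
function buildOrderByClause($orderBy, $sortOrder): string
{
    // Arrays (e.g. ?orderBy[]=x) and other non-strings fall back to the default.
    $key = is_string($orderBy) ? strtolower(trim($orderBy)) : '';
    $column = SORTABLE_COLUMNS[$key] ?? SORTABLE_COLUMNS['id'];

    // Only the two exact keywords are accepted; anything else becomes ASC.
    $dir = is_string($sortOrder) ? strtoupper(trim($sortOrder)) : '';
    $direction = in_array($dir, ['ASC', 'DESC'], true) ? $dir : 'ASC';

    // The result is assembled only from constants defined in this file.
    return "ORDER BY {$column} {$direction}";
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    ['name', 'desc'],
    ['price', 'ASC'],
    ['unknown_column', 'desc'],
    ['name', 'desc extra tokens'],
    [['x'], null],
];
foreach ($samples as [$orderBy, $sortOrder]) {
    echo json_encode($orderBy), ' / ', json_encode($sortOrder), ' => ',
        buildOrderByClause($orderBy, $sortOrder), PHP_EOL;
}
```

Values outside the allow-list never reach the query string, so the clause stays one of a fixed set of strings whatever the request contains.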

References

SQL Injection (CWE-89)

Severity

High

CVE ID

CVE-2021-43789
