SQL injection possible in search product in BO

Moderate

matthieu-rolland published GHSA-75p5-jwx4-qw9h

Aug 7, 2023

Package

prestashop/prestashop (Composer)

Affected versions

>= 8.0.0 and < 8.1.1

Patched versions

8.1.1

Description

Impact

SQL injection possible in product search field, in BO's product page

Patches

8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

none

References

none

Severity

Moderate

6.7

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H