Skip to content

Server Side Twig Template Injection

Moderate
PierreRambaud published GHSA-mrq4-7ch7-2465 Jan 26, 2022

Package

composer prestashop/prestashop (Composer)

Affected versions

>= 1.7.0.0

Patched versions

1.7.8.3

Description

Impact

An attacker is able to inject twig code inside the back office when using the legacy layout.

Patches

The problem is fixed in 1.7.8.3

Severity

Moderate

CVE ID

CVE-2022-21686

Weaknesses

Credits