Arbitrary Code Injection Affecting prestashop/prestashop package, versions >=1.7.0.0, <1.7.8.3
Snyk CVSS
- Attack Complexity: High
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 0.37% (72nd percentile)
- Snyk ID SNYK-PHP-PRESTASHOPPRESTASHOP-2385693
- published 27 Jan 2022
- disclosed 27 Jan 2022
- credit Unknown
Introduced: 27 Jan 2022
CVE-2022-21686
How to fix?
Upgrade prestashop/prestashop to version 1.7.8.3 or higher.
Overview
prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers.
Affected versions of this package are vulnerable to Arbitrary Code Injection via the legacy layout. When the legacy layout is used, Twig template code can be injected in the backend of the server.