SQL Injection Affecting prestashop/prestashop package, versions >=1.6.0.10, <1.7.8.7


0.0
high
  • Exploit Maturity

    Mature

  • Attack Complexity

    High

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PHP-PRESTASHOPPRESTASHOP-2959890

  • published

    24 Jul 2022

  • disclosed

    24 Jul 2022

  • credit

    Unknown

How to fix?

Upgrade prestashop/prestashop to version 1.7.8.7 or higher.

Overview

prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers.

Affected versions of this package are vulnerable to SQL Injection via a sequence of specially crafted HTTP requests to a vulnerable endpoint, a malicious actor may leverage a found SQLi to RCE.

Versions 1.7.8.2 and greater are not vulnerable to the previously found SQLi in this library (CVE-2021-43789 unless they are running a module or custom code which itself includes an SQL injection vulnerability that may enable this attack chain.

Mitigation:

If upgrading is not possible it is recommended to physically disable the MySQL Smarty cache storage features in PrestaShop’s code, as it is suspected of being used as part of the attack vector:

In the config/smarty.config.inc.php file remove this line:

php if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php'; $smarty->caching_type = 'mysql'; }