GHSA-6xxj-gcjq-wgf4

Suggest an improvement
Source
https://github.com/advisories/GHSA-6xxj-gcjq-wgf4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-6xxj-gcjq-wgf4/GHSA-6xxj-gcjq-wgf4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6xxj-gcjq-wgf4
Aliases
Published
2021-12-07T21:23:17Z
Modified
2023-11-01T04:56:44.673842Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
SQL injection in prestashop/prestashop
Details

Impact

Blind SQLi using Search filters with orderBy and sortOrder parameters

Patches

The problem is fixed in 1.7.8.2

Database specific
{
    "nvd_published_at": "2021-12-07T17:15:00Z",
    "github_reviewed_at": "2021-12-07T20:58:26Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Packagist / prestashop/prestashop

Package

Name
prestashop/prestashop
Purl
pkg:composer/prestashop/prestashop

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.7.5.0
Fixed
1.7.8.2

Affected versions

1.*

1.7.5.0
1.7.5.1
1.7.5.2
1.7.6.0-beta.1
1.7.6.0-rc.1
1.7.6.0-rc.2
1.7.6.0
1.7.6.1
1.7.6.2
1.7.6.3
1.7.6.4
1.7.6.5
1.7.6.6
1.7.6.7
1.7.6.8
1.7.6.9
1.7.7.0-beta.1
1.7.7.0-beta.2
1.7.7.0-rc.1
1.7.7.0
1.7.7.1
1.7.7.2
1.7.7.3
1.7.7.4
1.7.7.5
1.7.7.6
1.7.7.7
1.7.7.8
1.7.8.0-beta.1
1.7.8.0-rc.1
1.7.8.0
1.7.8.1

Database specific

{
    "last_known_affected_version_range": "<= 1.7.8.1"
}