← back
CVE-2023-39526

PrestaShopSQL manager vulnerability (potential RCE)

CVSS 9.1 CRITICALEPSS 1.3%CWE-89
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
PrestaShop · PrestaShop
public PoCs found1
githubgithub.com/dnkhack/fixcve2023_39526_2023_395273
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc