← voltar
CVE-2022-31101

SQL Injection in prestashop/blockwishlist

CVSS 8.1 HIGHEPSS 18.0%CWE-89
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
PrestaShop · blockwishlist
PoCs públicas encontradas4
githubgithub.com/MathiasReker/blmvuln42githubgithub.com/karthikuj/CVE-2022-3110125cve_referencepacketstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/51001não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.htmlhttps://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp