Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31101

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

Published

2022-06-27T23:15:08.107

Last Modified

2024-11-21T07:03:53.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	blockwishlist	< 2.1.1	Yes

References

http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084 Patch, Third Party Advisory ([email protected])
https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)