Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30545

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9

Published

2023-04-25T18:15:09.677

Last Modified

2024-11-21T08:00:23.783

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	prestashop	< 1.7.8.9	Yes
Application	prestashop	prestashop	< 8.0.4	Yes

References

https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630 Patch ([email protected])
https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81 Patch ([email protected])
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp Vendor Advisory ([email protected])
https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)