CRITICAL 9.9
GHSA-p379-cxqh-q822
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Details
### Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights.
### Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch.
### Workarounds no
### References no
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / prestashop/prestashop
Introduced in:
8.0.0 Fixed in: 8.0.4 Fix
composer require prestashop/prestashop:^8.0.4 Packagist / prestashop/prestashop
Introduced in:
0 Fixed in: 1.7.8.9 Fix
composer require prestashop/prestashop:^1.7.8.9 References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2023-30839 [ADVISORY]
- https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30 [WEB]
- https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149 [WEB]
- https://github.com/PrestaShop/PrestaShop [PACKAGE]
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9 [WEB]
- https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4 [WEB]