PrestaShop 8.0.4/1.7.8.9 SQLi Filtering Vulnerability (CVE-2023-30839)
CVE-2023-30839 Published on April 25, 2023

PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.

Github Repository NVD

Vulnerability Analysis

CVE-2023-30839 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2023-30839 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2023-30839

Want to know whenever a new CVE is published for PrestaShop? stack.watch will email you.

PrestaShop
 

Affected Versions

PrestaShop:

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-30839

Package Manager Vulnerable Package Versions Fixed In
composer prestashop/prestashop >= 8.0.0, < 8.0.4 8.0.4
composer prestashop/prestashop < 1.7.8.9 1.7.8.9

Exploit Probability

EPSS
9.46%
Percentile
92.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.