Reading Time: < 1 minute

Three very important vulnerabilities have been detected in Prestashop: two of the SQL injection type, one of critical severity and the other of high severity, and another high-severity XSS injection vulnerability, which could allow any user with administrator permissions to write, update or drop SQL databases regardless of their permissions.

You can see the statement here.


The critical severity vulnerability is SQL filtering, which could allow a user to write, update, and delete the database, even without having specific administrator permissions.

Of the high-severity vulnerabilities, one affects arbitrary file reading, which makes it possible for a user with SQL manager access to arbitrarily read any file in the operating system with a SELECT function. The other high-severity vulnerability consists of a possible XSS injection, which could facilitate the hijacking of HTML elements without the need for user interaction.


Prestashop has released a patch and recommends updating to versions 8.0.4 and

The only current way to apply the patch is to update the version of Prestashop to the indicated ones.

If you have a Prestashop 1.7.X you must update to

If you have a Prestashop 8.X you must update to 8.0.4

That’s it, folks! Check out our blog for more information.


Free 30-days trial Hosting prestashop Fast, Secure and Optimized

Switch to Bhoost with 30 days free and migration included

Free 30-days trial