Multiple vulnerabilities in PrestaShop

Three serious vulnerabilities have been detected in PrestaShop: two of the SQL injection type, one of critical severity and the other of high severity, and a third, high-severity XSS injection vulnerability, which could allow any user with administrator permissions to write, update or drop SQL databases regardless of their permissions.

You can see the statement here.

Detail:

The critical-severity vulnerability is in SQL filtering; it could allow a user to write, update, and delete the database, even without having specific administrator permissions.

Of the high-severity vulnerabilities, one affects arbitrary file reading, which makes it possible for a user with SQL manager access to arbitrarily read any file in the operating system with a SELECT function. The other high-severity vulnerability consists of a possible XSS injection, which could facilitate the hijacking of HTML elements without the need for user interaction.

Solution:

PrestaShop has released a patch and recommends updating to versions 8.0.4 and 1.7.8.9.

https://build.prestashop-project.org/news/2023/prestashop-8-0-4-maintenance-release/
https://build.prestashop-project.org/news/2023/prestashop-1-7-8-9-maintenance-release/

Currently, the only way to apply the patch is to update PrestaShop to one of the versions indicated.

If you run PrestaShop 1.7.X, you must update to 1.7.8.9.

If you run PrestaShop 8.X, you must update to 8.0.4.
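To check several shops against the two fixed releases named above, the following added example (not PrestaShop's or this blog's code) compares version strings numerically, since a plain string comparison ranks 1.7.8.10 below 1.7.8.9. The host names and installed versions in the inventory are constructed for illustration.

```python
import re

# Fixed release per branch, as stated in the advisory text above.
FIXED = {"1.7": (1, 7, 8, 9), "8": (8, 0, 4)}


def parse_version(text):
    """Turn '1.7.8.10' into (1, 7, 8, 10); reject anything but dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def branch_of(version):
    """Map a parsed version to one of the branches the advisory covers."""
    if version[0] == 8:
        return "8"
    if version[:2] == (1, 7):
        return "1.7"
    return None  # e.g. 1.6.x: the advisory text gives no fixed release


def triage(version_text):
    """Return 'patched', 'update to <fixed>' or 'not covered' for one version."""
    version = parse_version(version_text)
    branch = branch_of(version)
    if branch is None:
        return "not covered"
    fixed = FIXED[branch]
    # Pad with zeros so a short string such as '8.1' compares as 8.1.0.
    width = max(len(version), len(fixed))
    padded = version + (0,) * (width - len(version))
    target = fixed + (0,) * (width - len(fixed))
    if padded >= target:
        return "patched"
    return "update to " + ".".join(str(n) for n in fixed)


# Constructed inventory: host names and versions are illustrative only.
INVENTORY = {
    "shop-a.example": "1.7.8.8",
    "shop-b.example": "1.7.8.10",
    "shop-c.example": "8.0.3",
    "shop-d.example": "8.0.4",
}

if __name__ == "__main__":
    for host, installed in INVENTORY.items():
        print(f"{host:16} {installed:10} {triage(installed)}")
```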

That’s it, folks! Check out our blog for more information.
