PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL injection attack in the Catalog Product edition page via the location parameter. The problem is fixed in 1.7.6.8.
This critical-severity CVE scores 9.8 under NVD CVSS v3. EPSS exploit-prediction score not yet available (the EPSS model rescores nightly; freshly-published CVEs typically appear within 48 hours). GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
September 24, 2020
November 21, 2024
Affected: 1.7.6.8
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826g
Patch available: PrestaShop/PrestaShop 1.7.6.8
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Fix landed in PrestaShop/PrestaShop commit 3fa0dfa5a8f4 — awaiting tagged release
https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
See which npm, PyPI, Go, and Maven packages are affected by CVE-2020-15160