CVE-2023-30839

CRITICAL9.9EPSS 4.6%

SQL filter bypass leading to arbitrary write requests using "SQL Manager"

發布日:2023/4/25修改日:2024/3/6

也稱為:GHSA-p379-cxqh-q822BIT-prestashop-2023-30839

描述

### Impact SQL filtering vulnerability, a BO user can write, update and delete in the database, even without having specific rights. ### Patches PrestaShop 8.0.4 and 1.7.8.9 will contain the patch. ### Workarounds no ### References no

受影響套件(2)

Bitnami/prestashop>= 8.0.0, < 8.0.4
Packagist/prestashop/prestashop>= 8.0.0, < 8.0.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-30839
PATCHhttps://github.com/PrestaShop/PrestaShop
WEBhttps://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
WEBhttps://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
WEBhttps://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
WEBhttps://github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
WEBhttps://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822