CVE-2021-43789: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
PrestaShop is an open source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection through the orderBy and sortOrder parameters of search filters, which are used to build the ORDER BY clause of the query. The problem is fixed in version 1.7.8.2.
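ORDER BY column names and sort directions cannot be bound as prepared-statement parameters, so the mitigation for this class of bug is to never splice the received orderBy and sortOrder values into the query, but to map them against an allowlist. The following is an added illustration of that pattern, not PrestaShop's own code; the class name and the column names are assumed.

```php
<?php
// Added example (not PrestaShop code): build an ORDER BY fragment from
// user-controlled orderBy / sortOrder parameters without ever echoing
// request input into SQL. Only allowlisted column names and a fixed
// choice between ASC and DESC are accepted; anything else is rejected.

final class OrderClauseBuilder
{
    /** @var string[] columns the caller may sort by (assumed for this example) */
    private array $allowedColumns;

    public function __construct(array $allowedColumns)
    {
        $this->allowedColumns = $allowedColumns;
    }

    /**
     * Returns "ORDER BY `col` ASC|DESC" for allowlisted input, or throws.
     * Strict in_array() means $orderBy is byte-identical to an allowlist
     * entry before it is used, so no quoting or comment trick in the request
     * can reach the query text.
     */
    public function build(string $orderBy, string $sortOrder): string
    {
        if (!in_array($orderBy, $this->allowedColumns, true)) {
            throw new InvalidArgumentException('orderBy is not an allowed column');
        }
        $direction = strtoupper($sortOrder);
        if ($direction !== 'ASC' && $direction !== 'DESC') {
            throw new InvalidArgumentException('sortOrder must be ASC or DESC');
        }
        return sprintf('ORDER BY `%s` %s', $orderBy, $direction);
    }
}

// Constructed usage: a product search that may sort by three known columns.
$builder = new OrderClauseBuilder(['name', 'price', 'date_add']);
echo $builder->build('price', 'desc'), PHP_EOL;

try {
    // A column name that is not on the allowlist is refused before any SQL
    // is assembled; log such rejections, they are a useful detection signal.
    $builder->build('id_category', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```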
References
- cwe.mitre.org/data/definitions/89.html
- github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
- github.com/PrestaShop/PrestaShop/issues/26623
- github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
- github.com/advisories/GHSA-6xxj-gcjq-wgf4
- nvd.nist.gov/vuln/detail/CVE-2021-43789