PrestaShop is an Open Source e-commerce platform. Users unable to upgrade may delete the MySQL Smarty cache feature. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. There are no known workarounds for this issue. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. Users may have been able to view the contents of the upload directory without appropriate permissions. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. PrestaShop is an open-source e-commerce solution. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. When authenticating users, PrestaShop preserves session attributes. PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9. This gives the user access to critical information. In the PrestaShop Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request.