Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-43789

Good to know:

icon

Date: December 7, 2021

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

Language: PHP

Severity Score

Related Resources (8)

https://nvd.nist.gov/vuln/detail/CVE-2021-43789
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4
https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
https://cwe.mitre.org/data/definitions/89.html
https://github.com/PrestaShop/PrestaShop
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2
https://github.com/PrestaShop/PrestaShop/issues/26623
https://www.mend.io/vulnerability-database/CVE-2021-43789

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

icon

Upgrade Version

Upgrade to version prestashop/prestashop - dev-cron-js-routing;prestashop/prestashop - 1.7.8.0-rc.1;prestashop/prestashop - dev-docker/support-DEV_MODE;prestashop/prestashop - dev-revert-28548-removeDeprecate002;prestashop/prestashop - 1.7.7.7;prestashop/prestashop - dev-1.7.8.2-build;prestashop/prestashop - dev-1.7.8.x-8.0.x

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us