Home > Vulnerability Database > CVE-2022-31181

Mend.io Vulnerability Database

CVE-2022-31181

Good to know:

Date: August 1, 2022

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

Language: PHP

Severity Score

9.8

Related Resources (6)

Url: https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804

Url: https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4

Url: https://github.com/PrestaShop/PrestaShop

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31181

Url: https://www.mend.io/vulnerability-database/CVE-2022-31181

Severity Score

9.8

Weakness Type (CWE)

Injection

CWE-74

SQL Injection

CWE-89

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-95

Top Fix

Upgrade Version

Upgrade to version 1.7.8.7

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31181

Good to know:

Date: August 1, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?