CVE-2021-43789

HIGH

PrestaShop <1.7.8.2 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43789.

AI-analyzed exploit summary The repository contains a functional proof-of-concept for CVE-2021-43789, demonstrating a SQL injection vulnerability in PrestaShop versions >= 1.7.5.0 and < 1.7.8.2. The exploit leverages a crafted HTTP request to inject malicious SQL payloads, confirmed by sqlmap output showing successful exploitation.

Description

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.

Exploits (1)

inthewild WORKING POC
poc
https://github.com/numanturle/cve-2021-43789

The repository contains a functional proof-of-concept for CVE-2021-43789, demonstrating a SQL injection vulnerability in PrestaShop versions >= 1.7.5.0 and < 1.7.8.2. The exploit leverages a crafted HTTP request to inject malicious SQL payloads, confirmed by sqlmap output showing successful exploitation.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PrestaShop >= 1.7.5.0 < 1.7.8.2
Auth required
Prerequisites: Valid admin session token · Access to the admin panel
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/issues/26623
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.2

Scores

CVSS v3 7.5
EPSS 0.1167
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (2)
prestashop/prestashop 1.7.5.0 - 1.7.8.2
prestashop/prestashop 1.7.5.0 - 1.7.8.2Packagist
Published Dec 07, 2021
Tracked Since Feb 18, 2026