Description
PrestaShop is an open source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject Twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
Patch, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
Scores
CVSS v3: 9.0
EPSS: 0.0051
EPSS Percentile: 66.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (2)
prestashop/prestashop: 1.7.0.0 - 1.7.8.3
prestashop/prestashop: 1.7.0.0 - 1.7.8.3 (Packagist)
Published: Jan 26, 2022
Tracked Since: Feb 18, 2026