CVE-2022-31101

HIGH NUCLEI

PrestaShop blockwishlist <2.1.1 - SQL Injection

Title source: llm

Description

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

Exploits (3)

exploitdb WORKING POC
by Karthik UJ · python, webapps, php
https://www.exploit-db.com/exploits/51001

nomisec SCANNER 41 stars
by MathiasReker · poc
https://github.com/MathiasReker/blmvuln

nomisec WORKING POC 25 stars
by karthikuj · poc
https://github.com/karthikuj/CVE-2022-31101

Nuclei Templates (1)

Prestashop Blockwishlist 2.1.0 SQL Injection
HIGH by mastercho

Scores

CVSS v3 8.1
EPSS 0.3292
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-89
Status published
Products (2)
prestashop/blockwishlist < 2.1.1
prestashop/blockwishlist 2.0.0 - 2.1.1 (Packagist)
Published Jun 27, 2022
Tracked Since Feb 18, 2026