CVE-2022-31181

CRITICAL EXPLOITED NUCLEI

PrestaShop <1.7.8.7 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2022-31181 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including drkbcn. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a patch for CVE-2022-31181, a SQL injection vulnerability in PrestaShop. It includes an override for the SmartyCacheResourceMysql class to encrypt cached content and prevent exploitation.

Description

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

Exploits (1)

nomisec WORKING POC

by drkbcn · poc

https://github.com/drkbcn/lblfixer_cve_2022_31181

View Code ZIP pw:eip

This repository provides a patch for CVE-2022-31181, a SQL injection vulnerability in PrestaShop. It includes an override for the SmartyCacheResourceMysql class to encrypt cached content and prevent exploitation.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: PrestaShop 1.6.1.X and 1.7.X

No auth needed

Prerequisites: Access to a vulnerable PrestaShop installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

PrestaShop - SQL Injection to Eval Injection

CRITICALVERIFIEDby daffainfo

Shodan: http.component:"Prestashop" || cpe:"cpe:2.3:a:prestashop:prestashop" || http.component:"prestashop"

References (3)

Core 3

Core References

Mitigation, Third Party Advisory x_refsource_confirm

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4

Patch, Third Party Advisory x_refsource_misc

https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804

View Patch ZIP pw:eip

Release Notes, Third Party Advisory x_refsource_misc

https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7

Scores

CVSS v3 9.8

EPSS 0.7827

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2022-07-22

CWE

CWE-74 CWE-89

Status published

Products (2)

prestashop/prestashop 1.6.0.10 - 1.7.8.7

prestashop/prestashop 1.6.0.10 - 1.7.8.7Packagist

Published Aug 01, 2022

Tracked Since Feb 18, 2026