Vulnerability Description
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 1.7.0.0, <= 1.7.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f58896 (Patch, Third Party Advisory)
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3 (Release Notes, Third Party Advisory)
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465 (Third Party Advisory)
FAQ
What is CVE-2022-21686?
CVE-2022-21686 is a vulnerability with a CVSS score of 9.0 (CRITICAL). PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy la...
How severe is CVE-2022-21686?
CVE-2022-21686 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-21686?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.