cve/2023/CVE-2023-39526.md

### [CVE-2023-39526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39526)
![](https://img.shields.io/static/v1?label=Product&message=PrestaShop&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.7.8.10%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)

### Description

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/dnkhack/fixcve2023_39526_2023_39527
- https://github.com/nomi-sec/PoC-in-GitHub
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-39526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39526)`
			`![](https://img.shields.io/static/v1?label=Product&message=PrestaShop&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.7.8.10%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)`

			`### Description`

			`PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/dnkhack/fixcve2023_39526_2023_39527`
			`- https://github.com/nomi-sec/PoC-in-GitHub`