cvelist/2022/31xxx/CVE-2022-31181.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-31181",
        "STATE": "PUBLIC",
        "TITLE": "Remote code execution in prestashop"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "PrestaShop",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": ">= 1.6.0.10, < 1.7.8.7"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "PrestaShop"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4",
                "refsource": "CONFIRM",
                "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4"
            },
            {
                "name": "https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804",
                "refsource": "MISC",
                "url": "https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804"
            },
            {
                "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7",
                "refsource": "MISC",
                "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-hrgx-p36p-89q4",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`{`
			`"CVE_data_meta": {`
Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 2022-08-01 19:29:50 +00:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`"ID": "CVE-2022-31181",`
Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 2022-08-01 19:29:50 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Remote code execution in prestashop"`
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`},`
Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 2022-08-01 19:29:50 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "PrestaShop",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": ">= 1.6.0.10, < 1.7.8.7"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "PrestaShop"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-01 20:00:51 +00:00			`"value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature."`
Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 2022-08-01 19:29:50 +00:00			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.8,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`
			`}`
			`]`
			`},`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4"`
			`},`
			`{`
			`"name": "https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804",`
			`"refsource": "MISC",`
			`"url": "https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804"`
			`},`
			`{`
			`"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7",`
			`"refsource": "MISC",`
			`"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7"`
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`}`
			`]`
Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 Add CVE-2022-31181 for GHSA-hrgx-p36p-89q4 2022-08-01 19:29:50 +00:00			`},`
			`"source": {`
			`"advisory": "GHSA-hrgx-p36p-89q4",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-05-18 19:01:55 +00:00			`}`
			`}`