CVE-2022-21686 PrestaShop's back office is vulnerable to injection attacks in older versions. The problem is fixed in version 1.7.8.3.

This issue was reported by the PrestaShop team through the Bug Tracker and described in detail. The PrestaShop team responded quickly and fixed the issue in version 1.7.8.3. This issue has been classed as a high priority issue. It is recommended that you upgrade your PrestaShop installation as soon as possible.

The PrestaShop team responded to all customer enquiries and fixed the issue in version 1.7.8.3

The team communicated with them and fixed the problem in a timely manner.
This is why this incident is classed as a high priority issue because it was resolved quickly and effectively.
The PrestaShop team responded to all customer enquiries, which shows that they are customer-focused and care about their products and services

Bypassing Authentication - CVE-2022-21688

This issue was reported by the PrestaShop team through the Bug Tracker and described in detail. The PrestaShop team responded quickly and fixed the issue in version 1.7.8.3, without requiring any changes to your system. This issue has been classed as a high priority issue. It is recommended that you upgrade your PrestaShop installation as soon as possible.

Temporary Files Exposure

The issue was fixed in 1.7.8.3 and is no longer an issue. The following message has been added to the release notes of this version: "Fixed a bug in which temporary files could be exposed due to a typo in PHP."

Timeline

Published on: 01/26/2022 20:15:00 UTC
Last modified on: 02/04/2022 16:21:00 UTC

References

• https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
• https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
• https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21686