CVE-2022-31101 affects Blockwishlist, a PrestaShop module that adds a block containing the customer's wishlists. The issue is fixed in version 2.1.1, and users are advised to upgrade.

Prestashop versions 2.1.0 to 2.1.0.4, 2.0.15 to 2.0.15.4, 2.1.0 to 2.1.0.3, 2.0.14 to 2.0.14.5, 2.1.0 to 2.1.0.2, 2.0.13 to 2.0.13.6, 2.1.0 to 2.1.0.1, 2.0.12 to 2.0.12.7, 2.1.0 to 2.1.0.0, 2.0.11 to 2.0.11.8, 2.1.0 to 2.1.0.0, 2.0.10 to 2.0.10.9, 2.1.0 to 2.1.0.0, 2.0.9 to 2.0.9.10, 2.1.0 to 2.1.0.0, 2.0.8 to 2.0.8.11, 2.1.0 to 2.1.0.0, 2.0.7 to 2.0.7.12, 2.1.0 to 2.1.0.0, 2.0.6 to 2.0.6.13, 2.1.0 to 2.1.0.0, 2.

Backward Incompatibility

Backward incompatibility is an issue that can occur in an upgrade process. For example, if you have version 2.0 of your software and decide to upgrade to version 2.1, you will be unable to use the old features from 2.0 with the new features in 2.1, as they are not compatible with one another.

Vendor Response

Prestashop released a security update to address this vulnerability. The vulnerability was discovered by the team at Core Security, who have published an attack surface analysis of the vulnerability.
The vulnerability affects versions 2.1.0 to 2.1.0.4, 2.0.15 to 2.0.15.4, 2.1.0 to 2.1.0.3,
