Vulnerability Details CVE-2022-21686
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 7.5
References
- https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
- https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
Products affected by CVE-2022-21686
-
cpe:2.3:a:prestashop:prestashop:1.7.0.0
-
cpe:2.3:a:prestashop:prestashop:1.7.0.1
-
cpe:2.3:a:prestashop:prestashop:1.7.0.2
-
cpe:2.3:a:prestashop:prestashop:1.7.0.3
-
cpe:2.3:a:prestashop:prestashop:1.7.0.4
-
cpe:2.3:a:prestashop:prestashop:1.7.0.5
-
cpe:2.3:a:prestashop:prestashop:1.7.0.6
-
cpe:2.3:a:prestashop:prestashop:1.7.1.0
-
cpe:2.3:a:prestashop:prestashop:1.7.1.1
-
cpe:2.3:a:prestashop:prestashop:1.7.1.2
-
cpe:2.3:a:prestashop:prestashop:1.7.2.0
-
cpe:2.3:a:prestashop:prestashop:1.7.2.1
-
cpe:2.3:a:prestashop:prestashop:1.7.2.2
-
cpe:2.3:a:prestashop:prestashop:1.7.2.3
-
cpe:2.3:a:prestashop:prestashop:1.7.2.4
-
cpe:2.3:a:prestashop:prestashop:1.7.2.5
-
cpe:2.3:a:prestashop:prestashop:1.7.3.0
-
cpe:2.3:a:prestashop:prestashop:1.7.3.1
-
cpe:2.3:a:prestashop:prestashop:1.7.3.2
-
cpe:2.3:a:prestashop:prestashop:1.7.3.3
-
cpe:2.3:a:prestashop:prestashop:1.7.3.4
-
cpe:2.3:a:prestashop:prestashop:1.7.4.0
-
cpe:2.3:a:prestashop:prestashop:1.7.4.1
-
cpe:2.3:a:prestashop:prestashop:1.7.4.2
-
cpe:2.3:a:prestashop:prestashop:1.7.4.3
-
cpe:2.3:a:prestashop:prestashop:1.7.4.4
-
cpe:2.3:a:prestashop:prestashop:1.7.5.0
-
cpe:2.3:a:prestashop:prestashop:1.7.5.1
-
cpe:2.3:a:prestashop:prestashop:1.7.5.2
-
cpe:2.3:a:prestashop:prestashop:1.7.6.0
-
cpe:2.3:a:prestashop:prestashop:1.7.6.1
-
cpe:2.3:a:prestashop:prestashop:1.7.6.2
-
cpe:2.3:a:prestashop:prestashop:1.7.6.3
-
cpe:2.3:a:prestashop:prestashop:1.7.6.4
-
cpe:2.3:a:prestashop:prestashop:1.7.6.5
-
cpe:2.3:a:prestashop:prestashop:1.7.6.6
-
cpe:2.3:a:prestashop:prestashop:1.7.6.7
-
cpe:2.3:a:prestashop:prestashop:1.7.6.8
-
cpe:2.3:a:prestashop:prestashop:1.7.6.9
-
cpe:2.3:a:prestashop:prestashop:1.7.7.0
-
cpe:2.3:a:prestashop:prestashop:1.7.7.1
-
cpe:2.3:a:prestashop:prestashop:1.7.7.2
-
cpe:2.3:a:prestashop:prestashop:1.7.7.3
-
cpe:2.3:a:prestashop:prestashop:1.7.7.4
-
cpe:2.3:a:prestashop:prestashop:1.7.7.5
-
cpe:2.3:a:prestashop:prestashop:1.7.7.6
-
cpe:2.3:a:prestashop:prestashop:1.7.7.7
-
cpe:2.3:a:prestashop:prestashop:1.7.7.8
-
cpe:2.3:a:prestashop:prestashop:1.7.8.0
-
cpe:2.3:a:prestashop:prestashop:1.7.8.1
-
cpe:2.3:a:prestashop:prestashop:1.7.8.2
-
cpe:2.3:a:prestashop:prestashop:1.7.8.3