Vulnerability Details CVE-2022-31101
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.138
EPSS Ranking 93.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html
- https://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084
- https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
- http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html
- https://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084
- https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
Products affected by CVE-2022-31101
-
cpe:2.3:a:prestashop:blockwishlist:-
-
cpe:2.3:a:prestashop:blockwishlist:2.0.0
-
cpe:2.3:a:prestashop:blockwishlist:2.0.1
-
cpe:2.3:a:prestashop:blockwishlist:2.1.0