CVE-2021-43789: SQL injection in prestashop/prestashop
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.92706%
CWE
Published
12/7/2021
Updated
2/1/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
prestashop/prestashop | composer | >= 1.7.5.0, <= 1.7.8.1 | 1.7.8.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from two key issues: 1) Validate::isOrderBy's permissive regex allowed SQL control characters in orderBy parameters. 2) Filters class methods (getOrderBy/getOrderWay) passed user-controlled parameters directly to SQL queries without adequate validation. The commit fixed these by introducing a stricter regex (ORDER_BY_REGEXP) and adding validation checks in Filters methods. The combination of weak input validation and direct usage in SQL query construction created the SQL injection vector.