
CVE-2021-43789: SQL injection in prestashop/prestashop

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.92706%
Published: 12/7/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: prestashop/prestashop
Ecosystem: composer
Vulnerable Versions: >= 1.7.5.0, <= 1.7.8.1
First Patched Version: 1.7.8.2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from two key issues: 1) Validate::isOrderBy's permissive regex allowed SQL control characters in orderBy parameters. 2) Filters class methods (getOrderBy/getOrderWay) passed user-controlled parameters directly to SQL queries without adequate validation. The commit fixed these by introducing a stricter regex (ORDER_BY_REGEXP) and adding validation checks in Filters methods. The combination of weak input validation and direct usage in SQL query construction created the SQL injection vector.
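To make the two issues above concrete, the following Python is an added illustration, not PrestaShop's own code: the regexes, the sortable-column allowlist and the sample inputs are constructed for this example and are not the project's actual Validate::isOrderBy pattern or ORDER_BY_REGEXP. It contrasts a permissive identifier check, which lets SQL control characters (commas, parentheses, quotes, whitespace) through to the query, with a strict single-identifier check plus an allowlist of sortable columns and a fixed set of sort directions, which is the check a defender wants before an orderBy/orderWay pair is interpolated into an ORDER BY clause.

```python
import re
from typing import Optional

# Constructed for this example; NOT PrestaShop's real Validate::isOrderBy regex.
# It only insists on "some run of these characters", so a value carrying SQL
# control characters (",", "(", ")", "'", spaces) still passes.
PERMISSIVE_ORDER_BY = re.compile(r"^[\w\s.,`()'-]+$")

# Strict form: an optional table prefix and exactly one identifier, each
# optionally backtick-quoted, nothing else. Constructed for this example.
STRICT_ORDER_BY = re.compile(r"^(?:`?[A-Za-z0-9_]+`?\.)?`?[A-Za-z0-9_]+`?$")

# Allowlist of columns the application actually offers for sorting and the
# only two sort directions that exist. Both constructed for this example.
SORTABLE_COLUMNS = {"id_product", "name", "price", "date_add"}
ORDER_WAYS = {"ASC", "DESC"}


def is_order_by_permissive(value: str) -> bool:
    """The weak check: character-class only, accepts SQL control characters."""
    return PERMISSIVE_ORDER_BY.fullmatch(value) is not None


def is_order_by_strict(value: str) -> bool:
    """The hardened check: one identifier, optional table prefix, no syntax."""
    return STRICT_ORDER_BY.fullmatch(value) is not None


def compare(value: str) -> dict:
    """Show how each validator judges the same user-supplied orderBy value."""
    return {
        "permissive": is_order_by_permissive(value),
        "strict": is_order_by_strict(value),
    }


def build_order_clause(order_by: str, order_way: str) -> str:
    """Return a safe ORDER BY clause or raise ValueError.

    Three layers: shape check (strict regex), allowlist of known columns,
    and a closed set of directions. Only values that survive all three are
    ever placed into SQL text.
    """
    if not is_order_by_strict(order_by):
        raise ValueError(f"rejected orderBy: {order_by!r}")
    # Drop any table prefix and quoting, then look the column up by name.
    column = order_by.split(".")[-1].strip("`")
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unknown sort column: {column!r}")
    way = order_way.strip().upper()
    if way not in ORDER_WAYS:
        raise ValueError(f"rejected orderWay: {order_way!r}")
    return f"ORDER BY `{column}` {way}"


def try_build(order_by: str, order_way: str) -> Optional[str]:
    """Convenience wrapper: the clause on success, None when validation rejects."""
    try:
        return build_order_clause(order_by, order_way)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate value and one carrying SQL syntax.
    for sample in ("p.date_add", "date_add, (SELECT 1)"):
        print(f"{sample!r}: {compare(sample)}")
    print(try_build("p.`date_add`", "desc"))
    print(try_build("date_add, (SELECT 1)", "ASC"))
```

The allowlist is the layer that matters most: even a strict identifier regex only proves the value looks like a column name, while the allowlist proves it is one the application meant to expose, and the closed set for orderWay removes the second injection point named in the advisory.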


WAF Protection Rules

WAF Rule

Impact
Blind SQLi using Search filters with `orderBy` and `sortOrder` parameters

Patches
The problem is fixed in 1.7.8.2

Reasoning

The vulnerability stemmed from two key issues: 1) Validate::isOrderBy's permissive regex allowed SQL control characters in orderBy parameters. 2) Filters class methods (getOrderBy/getOrderWay) passed user-controlled parameters directly to SQL queries without adequate validation.