9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31181

GHSA ID

GHSA-hrgx-p36p-89q4

EPSS Score

0.9214%

CWE

CWE-89

Published

7/29/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31181

CVE-2022-31181: PrestaShop eval injection possible if shop vulnerable to SQL injection

Impact

Eval injection possible if the shop is vulnerable to an SQL injection.

Patches

The problem is fixed in version 1.7.8.7

Workarounds

Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31181

GHSA ID

GHSA-hrgx-p36p-89q4

EPSS Score

0.9214%

CWE

CWE-89

Published

7/29/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
prestashop/prestashop	composer	>= 1.6.0.10, < 1.7.8.7	1.7.8.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability chain requires: 1. SQL injection to modify cached content (CWE-89), and 2. Evaluation of that content via Smarty (CWE-95). The pre-patch versions lacked encryption in these methods, making cached content manipulable through SQL injection. The commit added encryption/decryption to prevent code injection via cached content. These functions directly handle the storage and retrieval of template cache data that gets evaluated by Smarty, making them the critical vulnerable components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *v*l inj**tion possi*l* i* t** s*op is vuln*r**l* to *n SQL inj**tion. ### P*t***s T** pro*l*m is *ix** in v*rsion *.*.*.* ### Work*roun*s **l*t* t** MySQL Sm*rty ***** ***tur* *y r*movin* t**s* lin*s in t** *il* `*on*i*/sm*rty.*on*i*.in

Reasoning

T** vuln*r**ility ***in r*quir*s: *. SQL inj**tion to mo*i*y ****** *ont*nt (*W*-**), *n* *. *v*lu*tion o* t**t *ont*nt vi* `Sm*rty` (*W*-**). T** pr*-p*t** v*rsions l**k** *n*ryption in t**s* m*t*o*s, m*kin* ****** *ont*nt m*nipul**l* t*rou** SQL in

9.8

Basic Information

Concerned about an active attack path?

CVE-2022-31181: PrestaShop eval injection possible if shop vulnerable to SQL injection

Impact

Patches

Workarounds

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI