Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from the contact form handler using the 'message' parameter without sanitizing it or encoding it on output. The advisories do not name the affected function, but PrestaShop's layout suggests the contact form is processed in contactform.php. The CVE description explicitly mentions payload injection through this parameter, and the earlier, overlapping entry CVE-2020-15178 points to a recurring pattern of missing output encoding in PrestaShop contact form handlers. The correlation between the file path and the parameter gives high confidence in the location of the vulnerable function, although the exact line should be confirmed against the patched source rather than inferred.
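As an added example (not PrestaShop's own code and not taken from the advisory), the following PHP shows the class of bug the paragraph describes: a contact-form handler that accepts a 'message' value and later renders it into HTML, first without encoding and then with output encoding for the HTML body context. The function names, the simulated storage step, the length limit and the sample payload are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not PrestaShop code. A minimal contact-form handler that
// accepts a 'message' field and renders it in an HTML page, in a vulnerable
// and in a hardened form. All names below are hypothetical.

declare(strict_types=1);

// Vulnerable: the stored message is concatenated into HTML as-is, so a
// message such as <script>...</script> executes in the browser of whoever
// views it (for a contact form, typically a back-office user).
function renderMessageVulnerable(string $message): string
{
    return '<div class="message">' . $message . '</div>';
}

// Hardened: encode for the HTML body context at output time.
// ENT_QUOTES also encodes single quotes, which matters if the same value is
// ever placed inside a single-quoted attribute. ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string, so malformed
// input is neither silently dropped nor passed through unencoded.
function renderMessageSafe(string $message): string
{
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="message">' . $encoded . '</div>';
}

// Simulates the submission step. In a real handler the value comes from
// $_POST['message'] and is written to a database; here it is passed through.
// The length limit is a defence-in-depth control, not a substitute for
// output encoding: it does nothing against a short payload.
function handleContactSubmission(array $post): string
{
    $message = (string) ($post['message'] ?? '');
    if (strlen($message) > 4096) {
        throw new InvalidArgumentException('message too long');
    }
    return $message;
}

// Practitioner check: a rendered fragment must not contain a raw tag that
// originated from user input. This is a coarse self-test, not a scanner.
function containsRawTag(string $html, string $userInput): bool
{
    return strpos($html, $userInput) !== false && strpos($userInput, '<') !== false;
}

// Constructed payload for the demonstration.
$constructedPost = ['message' => '<script>alert("xss")</script> hello'];
$stored = handleContactSubmission($constructedPost);

echo "Vulnerable render:\n" . renderMessageVulnerable($stored) . "\n\n";
echo "Hardened render:\n" . renderMessageSafe($stored) . "\n\n";

echo 'Vulnerable contains raw payload: '
    . (containsRawTag(renderMessageVulnerable($stored), $stored) ? 'yes' : 'no') . "\n";
echo 'Hardened contains raw payload: '
    . (containsRawTag(renderMessageSafe($stored), $stored) ? 'yes' : 'no') . "\n";
```

Run it with `php example.php`. Two caveats apply when auditing a real handler: the encoding must match the output context (an HTML body needs htmlspecialchars, but an attribute, a URL or an inline script needs different treatment), and sanitizing at submission time alone is not sufficient, because a stored contact message is often rendered in more than one place (front office, back office, notification e-mail) by code that was not written with that input in mind. In Smarty-based templates the equivalent of the hardened function is the escape modifier, for example `{$message|escape:'htmlall':'UTF-8'}`.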
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| prestashop/prestashop | composer | <= 1.7.7.4 | |