V1.7 MODULE TO FIX VULNERABILITY GHSA-6xxj-gcjq-wgf4 (AFFECTED PS 1.7.5.0 -> 1.7.8.1)

S

stronzodicane

Active member
Elite
XNullUser
Joined
Dec 13, 2021
Messages
37
Reaction score
197
Points
33
NullCash
1,030
A security flaw has been detected in Prestashop that potentially allows malicious people to compromise the integrity of the ecommerce. The Prestashop versions affected are:
Prestashop 1.7.5.0 -> 1.7.8.1

To solve and correct the problem it is necessary to update Prestashop to version 1.7.8.2 or to intervene in a targeted way by applying dedicated patches. Below is the link for more information:
github.com

Blind SQLi using Search filters

### Impact Blind SQLi using Search filters with `orderBy` and `sortOrder` parameters ### Patches The problem is fixed in 1.7.8.2 ### References [SQL Injection (CWE-89) ](https://cwe.mitr...
github.com github.com
 

Attachments

  • fixcve202143789.zip
    38.1 KB · Views: 21
d-shilko

d-shilko

Well-known member
☆☆ Special ☆☆
☆ Pro ☆
Joined
Jun 10, 2021
Messages
2,542
Reaction score
1,535
Points
113
NullCash
4,194
stronzodicane said:
A security flaw has been detected in Prestashop that potentially allows malicious people to compromise the integrity of the ecommerce. The Prestashop versions affected are:
Prestashop 1.7.5.0 -> 1.7.8.1

To solve and correct the problem it is necessary to update Prestashop to version 1.7.8.2 or to intervene in a targeted way by applying dedicated patches. Below is the link for more information:
github.com

Blind SQLi using Search filters

### Impact Blind SQLi using Search filters with `orderBy` and `sortOrder` parameters ### Patches The problem is fixed in 1.7.8.2 ### References [SQL Injection (CWE-89) ](https://cwe.mitr...
github.com github.com
Click to expand...
Hello I need tip. Are where you download this patch? Provide please link of page. Thanks in advance.
 
C

Cierrex

Member
XNullUser
Joined
Dec 12, 2020
Messages
577
Reaction score
1
Points
18
NullCash
1
thanks
 
d-shilko

d-shilko

Well-known member
☆☆ Special ☆☆
☆ Pro ☆
Joined
Jun 10, 2021
Messages
2,542
Reaction score
1,535
Points
113
NullCash
4,194
stronzodicane said:
u can open the php files and verify genuine code. I realized this patch ...
Click to expand...
Bro I understand code. I have to interesting where you got this patch - I need source for future!
Thank you in advance.
 
hegBIT

hegBIT

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Mar 30, 2021
Messages
924
Reaction score
809
Points
93
NullCash
37
thanks
 
BabyBoss

BabyBoss

Member
XNullUser
Joined
Sep 18, 2021
Messages
54
Reaction score
105
Points
18
NullCash
744
stronzodicane said:
u can open the php files and verify genuine code. I realized this patch ...
Click to expand...

I'm not sure to understand what you did : you compile the pull request detail on github for this security fix (GHSA-6xxj-gcjq-wgf4) into a module and you release it here for earning Nullcash ?

d-shilko said:
Bro I understand code. I have to interesting where you got this patch - I need source for future!
Thank you in advance.
Click to expand...
You have to go on github every time to find the fix. Here is the detail for this specific fix : https://github.com/PrestaShop/PrestaShop/commit/6482b9ddc9dcebf7588dbfd616d2d635218408d6
 
d-shilko

d-shilko

Well-known member
☆☆ Special ☆☆
☆ Pro ☆
Joined
Jun 10, 2021
Messages
2,542
Reaction score
1,535
Points
113
NullCash
4,194
BabyBoss

BabyBoss

Member
XNullUser
Joined
Sep 18, 2021
Messages
54
Reaction score
105
Points
18
NullCash
744
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.
 
You must log in or register to reply here.
Top