PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21 | Patch Third Party Advisory | 
| https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3 | Release Notes Third Party Advisory | 
| https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465 | Third Party Advisory | 
| https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21 | Patch Third Party Advisory | 
| https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3 | Release Notes Third Party Advisory | 
| https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465 | Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2022-01-26 20:15
Updated : 2024-11-21 06:45
NVD link : CVE-2022-21686
Mitre link : CVE-2022-21686
CVE.ORG link : CVE-2022-21686
JSON object : View
Products Affected
                prestashop
- prestashop
CWE
                
                    
                        
                        CWE-94
                        
            Improper Control of Generation of Code ('Code Injection')
