Lookup for vulnerable packages by Package URL.

Purl pkg:composer/prestashop/prestashop@1.6.0%2B10
Type composer
Namespace prestashop
Name prestashop
Version 1.6.0+10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.2.5
Latest_non_vulnerable_version 9.1.0
Affected_by_vulnerabilities
0
url VCID-4b1q-fwjf-2ffs
vulnerability_id VCID-4b1q-fwjf-2ffs
summary
Duplicate Advisory GHSA-hrgx-p36p-89q4
## Duplicate Advisory

This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references.

## Original Description

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.
references
0
reference_url https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites
1
reference_url https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/
reference_id
reference_type
scores
url https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/
2
reference_url https://github.com/PrestaShop/PrestaShop
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36408
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36408
4
reference_url https://github.com/advisories/GHSA-qv6h-pcf2-2w3g
reference_id GHSA-qv6h-pcf2-2w3g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv6h-pcf2-2w3g
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B2
purl pkg:composer/prestashop/prestashop@1.7.8%2B2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghu1-c6e6-pudm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B2
aliases CVE-2022-36408, GHSA-qv6h-pcf2-2w3g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b1q-fwjf-2ffs
1
url VCID-vcuy-9cdj-uyhz
vulnerability_id VCID-vcuy-9cdj-uyhz
summary
PrestaShop eval injection possible if shop vulnerable to SQL injection
### Impact
Eval injection possible if the shop is vulnerable to an SQL injection.

### Patches
The problem is fixed in version 1.7.8.7.

### Workarounds
Delete the MySQL Smarty cache feature by removing the following lines from the file `config/smarty.config.inc.php` (lines 43-46 in PrestaShop 1.7, or lines 40-43 in PrestaShop 1.6):
```php
if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31181
reference_id
reference_type
scores
0
value 0.78272
scoring_system epss
scoring_elements 0.99018
published_at 2026-04-04T12:55:00Z
1
value 0.78272
scoring_system epss
scoring_elements 0.9903
published_at 2026-04-26T12:55:00Z
2
value 0.78272
scoring_system epss
scoring_elements 0.99028
published_at 2026-04-24T12:55:00Z
3
value 0.78272
scoring_system epss
scoring_elements 0.99027
published_at 2026-04-21T12:55:00Z
4
value 0.78272
scoring_system epss
scoring_elements 0.99026
published_at 2026-04-18T12:55:00Z
5
value 0.78272
scoring_system epss
scoring_elements 0.99025
published_at 2026-04-16T12:55:00Z
6
value 0.78272
scoring_system epss
scoring_elements 0.99024
published_at 2026-04-13T12:55:00Z
7
value 0.78272
scoring_system epss
scoring_elements 0.99016
published_at 2026-04-02T12:55:00Z
8
value 0.78272
scoring_system epss
scoring_elements 0.9902
published_at 2026-04-07T12:55:00Z
9
value 0.78272
scoring_system epss
scoring_elements 0.99023
published_at 2026-04-11T12:55:00Z
10
value 0.78272
scoring_system epss
scoring_elements 0.99021
published_at 2026-04-09T12:55:00Z
11
value 0.78272
scoring_system epss
scoring_elements 0.99022
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31181
1
reference_url https://github.com/PrestaShop/PrestaShop
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7
4
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:50Z/
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31181
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31181
6
reference_url https://github.com/advisories/GHSA-hrgx-p36p-89q4
reference_id GHSA-hrgx-p36p-89q4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrgx-p36p-89q4
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8.7
purl pkg:composer/prestashop/prestashop@1.7.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1trs-ajxn-jkhk
1
vulnerability VCID-22v3-9qr1-pyfg
2
vulnerability VCID-2kkx-8ucb-7ucj
3
vulnerability VCID-45hk-m7uv-zqfe
4
vulnerability VCID-7wj5-37ma-hbhg
5
vulnerability VCID-8beq-8rca-mbhd
6
vulnerability VCID-9n6p-8b89-63c6
7
vulnerability VCID-c4g5-t8vx-syax
8
vulnerability VCID-cf1h-m5xj-mfc5
9
vulnerability VCID-ey36-u4qn-gbge
10
vulnerability VCID-f4m9-pgg8-nqa3
11
vulnerability VCID-gggb-dges-qke1
12
vulnerability VCID-htkt-tj6d-hydx
13
vulnerability VCID-keyj-v83x-nkck
14
vulnerability VCID-mb3x-p2d7-gqdx
15
vulnerability VCID-s53g-k7gw-yyd4
16
vulnerability VCID-vsng-njkm-hydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.7
1
url pkg:composer/prestashop/prestashop@1.7.8%2B7
purl pkg:composer/prestashop/prestashop@1.7.8%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B7
aliases CVE-2022-31181, GHSA-hrgx-p36p-89q4, GMS-2022-3270
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcuy-9cdj-uyhz
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.6.0%252B10