VulnerableCode Package Details - pkg:composer/prestashop/prestashop@1.6.0%2B10

Search for packages

Vulnerability	Summary	Fixed by
VCID-4b1q-fwjf-2ffs Aliases: CVE-2022-36408 GHSA-qv6h-pcf2-2w3g	Duplicate Advisory GHSA-hrgx-p36p-89q4 ## Duplicate Advisory This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references. ## Original Description PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.	1.7.8+2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vcuy-9cdj-uyhz Aliases: CVE-2022-31181 GHSA-hrgx-p36p-89q4 GMS-2022-3270	PrestaShop eval injection possible if shop vulnerable to SQL injection ### Impact Eval injection possible if the shop is vulnerable to an SQL injection. ### Patches The problem is fixed in version 1.7.8.7 ### Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file `config/smarty.config.inc.php` lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6): ```php if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php'; $smarty->caching_type = 'mysql'; } ```	1.7.8.7 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.7.8+7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4b1q-fwjf-2ffs
Aliases:
CVE-2022-36408
GHSA-qv6h-pcf2-2w3g

Duplicate Advisory GHSA-hrgx-p36p-89q4 ## Duplicate Advisory This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references. ## Original Description PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

1.7.8+2
Affected by 1 other vulnerability.

VCID-vcuy-9cdj-uyhz
Aliases:
CVE-2022-31181
GHSA-hrgx-p36p-89q4
GMS-2022-3270

PrestaShop eval injection possible if shop vulnerable to SQL injection ### Impact Eval injection possible if the shop is vulnerable to an SQL injection. ### Patches The problem is fixed in version 1.7.8.7 ### Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file `config/smarty.config.inc.php` lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6): ```php if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php'; $smarty->caching_type = 'mysql'; } ```

1.7.8.7
Affected by 15 other vulnerabilities.

1.7.8+7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:27:25.171807+00:00	GitLab Importer	Affected by	VCID-vcuy-9cdj-uyhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/GMS-2022-3270.yml	38.1.0
2026-04-01T16:02:54.551581+00:00	GHSA Importer	Affected by	VCID-vcuy-9cdj-uyhz	https://github.com/advisories/GHSA-hrgx-p36p-89q4	38.0.0
2026-04-01T16:02:51.300976+00:00	GHSA Importer	Affected by	VCID-4b1q-fwjf-2ffs	https://github.com/advisories/GHSA-qv6h-pcf2-2w3g	38.0.0