CVE-2022-31101: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

June 27, 2022 (updated December 9, 2022)

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

References

github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084
github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
github.com/advisories/GHSA-2jx3-5j9v-prpp
nvd.nist.gov/vuln/detail/CVE-2022-31101

Code Behaviors & Features

Detect and mitigate CVE-2022-31101 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →