Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in PrestaShop SQL Manager
Alerts

Critical Vulnerability in PrestaShop SQL Manager

27 April 2023

PrestaShop has released security updates to address a critical vulnerability (CVE-2023-30839) affecting PrestaShop SQL Manager. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.9 out of 10.

Successful exploitation of the vulnerability could allow an attacker with a user account to perform unauthorised modifications, which include writing, updating or deleting SQL databases.

The vulnerability affects PrestaShop versions 8.0.3 and earlier.

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822

https://www.bleepingcomputer.com/news/security/prestashop-fixes-bug-that-lets-any-backend-user-delete-databases/

Back to top