Prestashop releases patch for critical SQL vulnerability that lets any back-office user delete the database
Prestashop, a popular open-source e-commerce web application, has released a new version that addresses a critical-severity vulnerability. This vulnerability, tracked as CVE-2023-30839, allows any back-office user to write to, update, or delete from the store's SQL database, regardless of the permissions assigned to their account.
The critical vulnerability, which has a CVSS v3.1 score of 9.9, can allow any back-office user to perform unauthorized modifications on the online store’s database. This can potentially cause significant damage or a service outage for impacted businesses.
According to Prestashop, versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability that lets a back-office user write to, update, and delete from the database even without the specific rights that would normally be required. Prestashop 8.0.4 and 1.7.8.9 contain the patch for this issue.
As of now, there are no known workarounds for this vulnerability. This means that businesses using Prestashop are advised to update their systems to the latest version as soon as possible to avoid any potential damage or service outage.
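Since the only remediation is upgrading, the practical first step is to find which stores are still on a pre-patch release. The following is an added example (not code from the advisory or from Prestashop) that triages an inventory of version strings against the two fixed releases named above; it assumes the fix lands in two branches, 1.7.x (fixed in 1.7.8.9) and 8.x (fixed in 8.0.4), and reports any other branch as unknown rather than guessing. It compares versions numerically, since a plain string comparison would wrongly rank "8.0.10" below "8.0.4".

```python
# Added example: flag PrestaShop instances still exposed to CVE-2023-30839
# from their reported version string. Not part of the original article.
from typing import Dict, Optional, Tuple

# Assumption: patched releases per branch, taken from the advisory text.
FIXED_VERSIONS: Dict[str, Tuple[int, ...]] = {
    "1.7": (1, 7, 8, 9),
    "8": (8, 0, 4),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.7.8.9' into (1, 7, 8, 9) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.strip().split("."))


def branch_of(version_tuple: Tuple[int, ...]) -> Optional[str]:
    """Map a parsed version to the advisory branch it belongs to, if any."""
    if version_tuple[:2] == (1, 7):
        return "1.7"
    if version_tuple[:1] == (8,):
        return "8"
    return None  # branch not covered by the advisory (e.g. 1.6.x)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the release predates its branch's fix, False if patched,
    None if the branch is not one the advisory describes."""
    parsed = parse_version(version)
    branch = branch_of(parsed)
    if branch is None:
        return None
    return parsed < FIXED_VERSIONS[branch]


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each host in a {host: version} inventory for the upgrade queue."""
    labels = {True: "VULNERABLE - upgrade", False: "patched", None: "unknown branch - review"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "shop-a.example": "1.7.8.8",
    "shop-b.example": "8.0.3",
    "shop-c.example": "8.0.10",
    "shop-d.example": "1.6.1.24",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```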
This vulnerability is a critical reminder of the importance of regularly updating software and applications to their latest versions. It also highlights the need for businesses to have robust security measures in place to protect their online systems and data.
