Impact
The Redirections Manager module (smplredirectionsmanager) from Smart Plugs contains a blind SQL injection vulnerability up to version 1.1.19.
This module is for the PrestaShop e-commerce platform.
Patches
Release 1.1.19 fixes the issue.
Workarounds
--- a/smplredirectionsmanager/classes/SmplTools.php
+++ b/smplredirectionsmanager/classes/SmplTools.php
@@ -104,10 +104,10 @@ class SmplTools
}
}
$contrainte_request_uri .= ($contrainte_request_uri ? ' OR' : '').' old_request_path="'.
- pSQL(preg_replace('#\?.*#', '', $smpl_relative_uri)).'?'.$str_querystring.'"';
+ pSQL(preg_replace('#\?.*#', '', $smpl_relative_uri)).'?'.pSQL($str_querystring).'"';
foreach ($smpl_absolute_uris as $smpl_absolute_uri) {
$contrainte_request_uri .= ' OR old_request_path="'.
- pSQL(preg_replace('#\?.*#', '', $smpl_absolute_uri)).'?'.$str_querystring.'"';
+ pSQL(preg_replace('#\?.*#', '', $smpl_absolute_uri)).'?'.pSQL($str_querystring).'"';
}
}
} else {
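Review bot: In both changed lines the path and the query string are escaped as two separate fragments joined by a literal '?', and the same expression is repeated at two call sites (the `$smpl_relative_uri` line and the `$smpl_absolute_uri` line inside the foreach). Consider building the full `old_request_path` value once and passing the whole concatenation through a single pSQL() call in a small helper used by both places, so a later edit cannot drop the escaping from one of them. Because `$str_querystring` reached the SQL string unescaped before this change, any other use of it in this method outside the visible hunk should be checked for the same problem.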
Links
Module on PrestaShop Addons
Security Advisory
Timeline
| Date | Action |
|---|---|
| 2022-10-10 | Issue discovered during a pentest |
| 2022-10-11 | Contact the author |
| 2022-11-14 | Fix published on addons PrestaShop marketplace |
| 2023-01-12 | Request CVE ID |
| 2023-01-17 | Publish this security advisory |