Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-21686
CVE-2022-21686:
PHP vulnerability analysis and mitigation
Overview
PrestaShop, an Open Source e-commerce platform, was affected by a Server Side Twig Template Injection vulnerability (CVE-2022-21686) that impacted versions 1.7.0.0 through 1.7.8.3. The vulnerability was discovered and disclosed on January 26, 2022, allowing attackers to inject Twig code inside the back office when using the legacy layout (GitHub Advisory).
Technical details
The vulnerability was classified as a Server Side Template Injection, specifically related to Twig template injection in the back office functionality when using the legacy layout. The issue was identified as CWE-94 (Improper Control of Generation of Code) and was rated as Moderate severity (GitHub Advisory).
Impact
The vulnerability allowed attackers to inject malicious Twig code inside the back office when using the legacy layout, potentially leading to code execution within the application context (GitHub Advisory).
Mitigation and workarounds
The vulnerability was patched in PrestaShop version 1.7.8.3. Users were advised to upgrade to this version as there were no known workarounds for this security issue (PrestaShop Release).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management