exploitDog

CVE-2021-36748

Опубликовано: 20 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.

Ссылки

https://alysum5.promokit.eu/promokit/documentation/blog/
Product
Third Party Advisory
https://blog.sorcery.ie
Product
https://blog.sorcery.ie/posts/ph_simpleblog_sqli/
Exploit
Third Party Advisory
https://alysum5.promokit.eu/promokit/documentation/blog/
Product
Third Party Advisory
https://blog.sorcery.ie
Product
https://blog.sorcery.ie/posts/ph_simpleblog_sqli/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestahome:blog:*:*:*:*:*:prestashop:*:*

Версия до 1.7.8 (исключая)

EPSS

Процентиль: 99%

0.83038

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2497-vx3h-24wc

github

больше 3 лет назад

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.

EPSS

Процентиль: 99%

0.83038

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89