Описание
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods mib::getManufacturersByCategory() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Ссылки
- Product
- PatchThird Party Advisory
- Product
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.1 (исключая)
cpe:2.3:a:mypresta:manufacturers_\(brands\)_images_block:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 34%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
EPSS
Процентиль: 34%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89