Описание
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method JmsSetting::getSecondImgs() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
Ссылки
- ExploitPatchThird Party Advisory
- Product
- ExploitPatchThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (включая)
cpe:2.3:a:joommasters:jmssetting:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 34%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
EPSS
Процентиль: 34%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89