Описание
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
EPSS
Процентиль: 49%
0.00259
Низкий
7.5 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
EPSS
Процентиль: 49%
0.00259
Низкий
7.5 High
CVSS3
Дефекты
CWE-89