16 matches found
PrestaShop Product Comments <4.2.0 - SQL Injection
PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability. An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative...
SQL Injection
prestashop/productcomments is vulnerable to SQL injection. An attacker is able to inject a malicious query via comments fields to retrieve data or cause a denial of service...
GHSA-5V44-7647-XFW9 Blind SQL injection in PrestaShop productcomments module
Impact: An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Patches: The problem is fixed in 4.2.1...
Blind SQL injection in PrestaShop productcomments module
Impact: An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Patches: The problem is fixed in 4.2.1...
CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products parameter...
CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products parameter...
PrestaShop ProductComments 4.2.0 SQL Injection
Exploit Title: PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection; Date: 2020-12-15; Exploit Author: Frederic ADAM; Author contact: [email protected]; Vendor Homepage: https://www.prestashop.com; Software Link: https://github.com/PrestaShop/productcomments; Version: 4.2.0...
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
Exploit Title: PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection; Date: 2020-12-15; Exploit Author: Frederic ADAM; Author contact: [email protected]; Vendor Homepage: https://www.prestashop.com; Software Link: https://github.com/PrestaShop/productcomments; Version: 4.2.0...
Prestashop SQL Injection Vulnerability (CNVD-2020-70969)
Prestashop is an open source e-commerce solution from the US company Prestashop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. A SQL injection vulnerability exists in PrestaShop productcomments module versions...
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
SQL injection
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248 Blind SQL injection during the CommentGrade process
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248
CVE-2020-26248 affects the PrestaShop ProductComments module prior to version 4.2.1. The vulnerability is a blind SQL injection in the module, allowing an attacker to retrieve data or stop the MySQL service within the context of the affected site. The issue is fixed in 4.2.1 of the module. Public...
Prestashop SQL Injection Vulnerability
Prestashop is an open source e-commerce solution from the US company Prestashop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. A SQL injection vulnerability exists in PrestaShop productcomments module versions...
Cross-Site Scripting (XSS)
prestashop/productcomments is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via various parameters within the application. The vulnerability exists as the content-type of the server response is not set to...