CVE-2021-36748

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestahome:blog:*:*:*:*:*:prestashop:*:*

History

21 Nov 2024, 06:14

Type Values Removed Values Added
References () https://alysum5.promokit.eu/promokit/documentation/blog/ - Product, Third Party Advisory () https://alysum5.promokit.eu/promokit/documentation/blog/ - Product, Third Party Advisory
References () https://blog.sorcery.ie - Product () https://blog.sorcery.ie - Product
References () https://blog.sorcery.ie/posts/ph_simpleblog_sqli/ - Exploit, Third Party Advisory () https://blog.sorcery.ie/posts/ph_simpleblog_sqli/ - Exploit, Third Party Advisory

30 Aug 2021, 11:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (MISC) https://blog.sorcery.ie/posts/ph_simpleblog_sqli/ - (MISC) https://blog.sorcery.ie/posts/ph_simpleblog_sqli/ - Exploit, Third Party Advisory
References (MISC) https://alysum5.promokit.eu/promokit/documentation/blog/ - (MISC) https://alysum5.promokit.eu/promokit/documentation/blog/ - Product, Third Party Advisory
References (MISC) https://blog.sorcery.ie - (MISC) https://blog.sorcery.ie - Product
CPE cpe:2.3:a:prestahome:blog:*:*:*:*:*:prestashop:*:*
CWE CWE-89

20 Aug 2021, 19:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-20 18:15

Updated : 2024-11-21 06:14


NVD link : CVE-2021-36748

Mitre link : CVE-2021-36748

CVE.ORG link : CVE-2021-36748


JSON object : View

Products Affected

prestahome

  • blog
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')