Description

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

Remediation

References

CVE-2021-3110

Related Vulnerabilities

Oracle Database Server CVE-2011-2238 Vulnerability (CVE-2011-2238)

Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)

OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1473)

Django Improper Certificate Validation Vulnerability (CVE-2020-13254)

Lighttpd Other Vulnerability (CVE-2011-4362)

Severity

Critical

Classification

CVE-2021-3110 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities