PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-3110 - Vulnerability Database
PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-3110
Critical
Reference:
CVE-2021-3110
Title:
PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the moduleproductcomments controllerCommentGrade id_products parameter.