CVE-2021-37538 PoC — PrestaShop SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37538.yaml

Associated Vulnerability

Title:PrestaShop SQL注入漏洞 (CVE-2021-37538)
Description:Prestashop是美国Prestashop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 SmartDataSoft SmartBlog for PrestaShop 4.06之前版本存在SQL注入漏洞，该漏洞源于软件中的controllers/front/archive.php archive controller的day、month或year参数或controllers/front/category.php category controller的id_

Description

PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.

File Snapshot


 id: CVE-2021-37538

info:
  name: PrestaShop SmartBlog <4.0.6 - SQL Injection
  author: whoever
  se

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!