Title:Prestashop SQL注入漏洞 (CVE-2021-36748) Description:Prestashop是美国Prestashop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 Prestashop 1.7.8之前版本存在SQL注入漏洞,该漏洞源于软件中的Prestahome Blog (又名ph_simpleblog)模块的列表控制器中对于sb_category参数没有进行有效的验证,这允许远程攻击者可利用该漏洞从数据库中提取数据。
Description
PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.
File Snapshot
id: CVE-2021-36748
info:
name: PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
author: wh
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.