CVE-2021-3110 Scanner
Detects 'SQL Injection (SQLi)' vulnerability in PrestaShop affects v. 1.7.7.0.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month
Scan only one
Domain, IPv4
Toolbox
-
PrestaShop is an open-source e-commerce platform that allows businesses to set up and manage their online stores easily. The platform has a sleek and user-friendly interface, making it accessible to even those with little to no technical background. Businesses can customize their store design and features to suit their brand and target audience. PrestaShop is a powerful tool for businesses looking to expand their online presence and reach a wider customer base.
CVE-2021-3110 is a vulnerability detected in PrestaShop 1.7.7.0. The vulnerability lies in the store system, particularly in the module=productcomments controller=CommentGrade id_products[] parameter, which allows time-based boolean SQL injection. Given that SQL injection is one of the most common web application vulnerabilities, this particular vulnerability could have severe consequences.
Exploiting this vulnerability could lead to unauthorized data access and manipulation, making confidential customer information vulnerable to theft. Attackers can use this vulnerability to execute arbitrary code, resulting in a complete compromise of the vulnerable system.
s4e.io is a platform that offers pro features for those interested in cybersecurity. By using this platform, users can quickly and easily learn about vulnerabilities in their digital assets. They can take proactive measures to secure their online presence while minimizing the risk of data breaches. By taking advantage of such platforms, businesses can ensure their reputation and customer trust remain intact.
REFERENCES