Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
References
Link | Resource |
---|---|
https://blog.sorcery.ie/posts/smartblog_sqli/ | Exploit Third Party Advisory |
https://classydevs.com/free-modules/smartblog/ | Product Vendor Advisory |
Configurations
History
No history.
Information
Published : 2021-08-24 13:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-37538
Mitre link : CVE-2021-37538
CVE.ORG link : CVE-2021-37538
JSON object : View
Products Affected
smartdatasoft
- smartblog
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')