Skip to content

Blind SQL injection in PrestaShop productcomments module

Low severity GitHub Reviewed Published Dec 3, 2020 in PrestaShop/productcomments • Updated Feb 1, 2023

Package

composer prestashop/productcomments (Composer)

Affected versions

>= 4.0.0, < 4.2.1

Patched versions

4.2.1

Description

Impact

An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service.

Patches

The problem is fixed in 4.2.1

References

@PierreRambaud PierreRambaud published to PrestaShop/productcomments Dec 3, 2020
Published by the National Vulnerability Database Dec 3, 2020
Reviewed Jan 20, 2021
Published to the GitHub Advisory Database Jan 20, 2021
Last updated Feb 1, 2023

Severity

Low

EPSS score

1.888%
(89th percentile)

Weaknesses

CVE ID

CVE-2020-26248

GHSA ID

GHSA-5v44-7647-xfw9

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.