CVE-2021-3110

Date: January 20, 2021

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version prestashop/prestashop - dev-1.7.8.2-build;prestashop/prestashop - dev-myTesting;prestashop/prestashop - dev-refacto/loginPage;prestashop/prestashop - dev-1.7.8.7-release;prestashop/prestashop - dev-178x-update-default-catalogue;prestashop/prestashop - dev-product-v2-link-inputs;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mocha-10.0.0;prestashop/prestashop - dev-fix/nightly-workflow;prestashop/prestashop - 8.0.x-dev;prestashop/prestashop - dev-voucher-enable;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/jsdoc-to-markdown-7.1.1;prestashop/prestashop - dev-fix-warning-message-modauth;prestashop/prestashop - dev-translation-extract;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/chai-4.3.6;prestashop/prestashop - dev-1.7.8.x-8.0.x;prestashop/prestashop - no_fix;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/pdfjs-dist-2.16.105;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/pdfjs-dist-3.0.279;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/faker-js/faker-7.6.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-config-prestashop-0.1.1;prestashop/prestashop - dev-dependency/faker;prestashop/prestashop - dev-docker/support-DEV_MODE;prestashop/prestashop - dev-actions/sanityV2;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/playwright-1.27.1;prestashop/prestashop - dev-marionf-patch-1;prestashop/prestashop - 1.7.8.0-rc.1;prestashop/prestashop - 1.7.8.6;prestashop/prestashop - dev-cron-js-routing;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mochawesome-7.1.3;prestashop/prestashop - 1.7.7.7;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-7.1.0;prestashop/prestashop - dev-florine2623-suppliers-import-test-auto;prestashop/prestashop - 
dev-dependabot/npm_and_yarn/tests/UI/develop/faker-js/faker-7.5.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-config-airbnb-base-15.0.0;prestashop/prestashop - dev-catalog-extract;prestashop/prestashop - dev-8.0.0-rc;prestashop/prestashop - dev-8.0.0-rc1;ycms/prestashop - 1.5.0.0;ycms/prestashop - no_fix;prestashop/header-stamp - v2.0;prestashop/header-stamp - v1.0;sumitqlo/sumitqlo - no_fix;ravaljigesh/prestolara - no_fix;abhishek-webkul/special-guide-1 - no_fix;sumitwebkul/hotelcommerce - no_fix;prestashop/smarty - 3.1.31.x-dev

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL