Update CVE-2021-3110.yaml

patch-1
Dhiyaneshwaran 2022-11-09 11:33:04 +05:30 committed by GitHub
parent b089b76505
commit 7b462eb0bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions


@ -1,11 +1,17 @@
id: CVE-2021-3110
info:
name: prestshop CMS SQL Injection
name: PrestaShop 1.7.7.0 SQL Injection
author: Jaimin Gondaliya
severity: critical
description: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3110
description: |
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3110
- https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
- https://www.exploit-db.com/exploits/49410
metadata:
verified: true
tags: cve,cve2021,sqli,prestshop
requests:
@ -18,5 +24,6 @@ requests:
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "average_grade")'
condition: and
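Review bot: The `tags` line still reads `prestshop` as rendered here, so the misspelling this commit corrects in `name` survives in the field used for tag-based template selection, and a scan filtered on the product name would skip this check. It should read `tags: cve,cve2021,sqli,prestashop`. The rewritten `info` block also has no `classification` entry; adding one with `cve-id: CVE-2021-3110` and `cwe-id: CWE-89` would let findings be grouped by CVE and weakness class. In the matcher hunk, `duration>=6` is the only condition tied to the injection itself, since the status, content-type and `average_grade` checks only confirm that the endpoint answered, so a slow host could still produce a false positive. The request and its delay value sit outside the visible hunks, so this may already be accounted for there.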