diff --git a/cves/2021/CVE-2021-3110.yaml b/cves/2021/CVE-2021-3110.yaml
index 5bed960a46..5d5be392ff 100644
--- a/cves/2021/CVE-2021-3110.yaml
+++ b/cves/2021/CVE-2021-3110.yaml
@@ -1,11 +1,17 @@
 id: CVE-2021-3110
 info:
- name: prestshop CMS SQL Injection
+ name: PrestaShop 1.7.7.0 SQL Injection
 author: Jaimin Gondaliya
 severity: critical
- description: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
- reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3110
+ description: |
+ The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-3110
+ - https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
+ - https://www.exploit-db.com/exploits/49410
+ metadata:
+ verified: true
 tags: cve,cve2021,sqli,prestshop
 requests:
@@ -18,5 +24,6 @@ requests:
 dsl:
 - 'duration>=6'
 - 'status_code == 200'
+ - 'contains(content_type, "application/json")'
 - 'contains(body, "average_grade")'
 condition: and
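Review bot: The `tags` line left as context at the end of the info block still spells the product `prestshop`, although this commit corrects the spelling in `name` and `description`. A scan that selects templates by the product tag would skip this check, so the line should read `tags: cve,cve2021,sqli,prestashop`. The new info block also carries no `classification` entry; adding one with `cve-id: CVE-2021-3110` would let findings be correlated by CVE in reports.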
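Review bot: In the second hunk, `duration>=6` remains the only condition that separates a vulnerable response from an ordinary one. The status check, the added `content_type` check and the `average_grade` body check presumably all hold for a normal reply from this endpoint, so a slow or heavily loaded shop can still be reported as vulnerable. The request and the delay it asks for lie outside the hunk, so the threshold cannot be checked against them here. A comment above the matcher would record the dependency, for example `# duration threshold must stay just below the delay requested in the payload; slow hosts can false-positive, confirm manually`.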