From 7b462eb0bc417599699c9cc2202d495c4bea0f53 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Wed, 9 Nov 2022 11:33:04 +0530
Subject: [PATCH] Update CVE-2021-3110.yaml

---
 cves/2021/CVE-2021-3110.yaml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/cves/2021/CVE-2021-3110.yaml b/cves/2021/CVE-2021-3110.yaml
index 5bed960a46..5d5be392ff 100644
--- a/cves/2021/CVE-2021-3110.yaml
+++ b/cves/2021/CVE-2021-3110.yaml
@@ -1,11 +1,17 @@
 id: CVE-2021-3110
 
 info:
-  name: prestshop CMS SQL Injection
+  name: PrestaShop 1.7.7.0 SQL Injection
   author: Jaimin Gondaliya
   severity: critical
-  description: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
-  reference: https://nvd.nist.gov/vuln/detail/CVE-2021-3110
+  description: |
+    The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-3110
+    - https://medium.com/@gondaliyajaimin797/cve-2021-3110-75a24943ca5e
+    - https://www.exploit-db.com/exploits/49410
+  metadata:
+    verified: true
   tags: cve,cve2021,sqli,prestshop
 
 requests:
@@ -18,5 +24,6 @@ requests:
         dsl:
           - 'duration>=6'
           - 'status_code == 200'
+          - 'contains(content_type, "application/json")'
           - 'contains(body, "average_grade")'
         condition: and