CVE-2020-26248
Published
CVSS v3
6.8
MEDIUM
CVSS v2
6.4
MEDIUM
Affected
2
PROJECTS
Description
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
Packagist
PrestaShop module that allows users to post reviews and rate products.
GitHub