CVE-2020-36972
Published
CVSS v3
8.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.
SmartBlog is one of the most powerful PrestaShop blog module .Prestashop 1.6 & 1.7 Smart Blog Module
GitHub