CVE-2021-37593

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT

Description

PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.

advisto/peel-shopping
advisto/peel-shoppingUNAVAILABLE
PEEL Shopping 9.0 : CMS ecommerce open source solution. Multilingual, multi-template engine Smarty or Twig, HTML 5, fast and reliable
GitHubGitHub
4