First published: Thu Dec 03 2020(Updated: )
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Productcomments | <4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this PrestaShop module is CVE-2020-26248.
The severity rating of CVE-2020-26248 is high, with a value of 8.2.
CVE-2020-26248 affects PrestaShop module productcomments before version 4.2.1.
The risk associated with CVE-2020-26248 is that an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service.
You can fix CVE-2020-26248 by updating the productcomments module to version 4.2.1 or above.