Blind SQL Injection Vulnerability in PrestaShop Module productcomments (Versions Prior to 4.2.1)

Blind SQL Injection Vulnerability in PrestaShop Module productcomments (Versions Prior to 4.2.1)

CVE-2020-26248 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.