SQL Injection Vulnerability in ApolloTheme AP PageBuilder Component for PrestaShop

SQL Injection Vulnerability in ApolloTheme AP PageBuilder Component for PrestaShop

CVE-2022-22897 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.