Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSmartdatasoft Smartblog
APPSmartdatasoft< 4.06
Powiązane podatności
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details control...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDat...
The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before ...
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting t...
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capabi...