Skip to main content

CVE-2020-26248

Description

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.

NVD
Severity: HIGH
CVE ID: CVE-2020-26248
CVSS Score: 8.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

GitHub, Inc.
Severity: MEDIUM
CVE ID: CVE-2020-26248
CVSS Score: 6.8
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-26248

Refrence: Project Discovery GitHub

Description
Proof Of Concept