.. / CVE-2021-36748

Exploit for PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection (CVE-2021-36748)

Description:

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.

Nuclei Template

View the template here CVE-2021-36748.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-36748.yaml
Copy

References:

https://alysum5.promokit.eu/promokit/documentation/blog/
https://github.com/ARPSyndicate/cvemon
https://blog.sorcery.ie
https://nvd.nist.gov/vuln/detail/CVE-2021-36748
https://blog.sorcery.ie/posts/ph_simpleblog_sqli/