Smartdatasoft Smartblog vulnerabilities
2 known vulnerabilities affecting smartdatasoft/smartblog.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2021-37538 (P1, CRITICAL, CVSS 9.8, CWE-89, Exploited, PoC, fixed in 4.06, 2021-08-24)
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
nvd
CVE-2020-36972 (P3, HIGH, CVSS 7.5, CWE-89, v2.0.1, 2026-01-28)
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare database information character by character.
nvd