Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop prior to 4.06 allow a remote unauthenticated malicious user to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartdatasoft smartblog |