Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2022-31101

Published: 27/06/2022 Updated: 09/12/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Blockwishlist

Vulnerability Summary

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prestashop blockwishlist

Exploits

Exploit DB: Prestashop Blockwishlist 2.1.0 SQL Injection
Prestashop Blockwishlist module version 210 suffers from a remote SQL injection vulnerability ...

Github Repositories

https://github.com/MathiasReker/blmvuln

Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to take control of your shop Read more about the vulnerability here: buildprestashopcom/news/major-security-vulnerability-on-prestashop-websites/ Fix the backdoor The module will make a security fix that streng

https://github.com/karthikuj/CVE-2022-31101

Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)

CVE-2022-31101 Exploit for PrestaShop bockwishlist module 210 SQLi (CVE-2022-31101) Usage python3 cve-2022-31101py Give the url to the wishlist when prompted Example of a url: examplecom/module/blockwishlist/view?id_wishlist=1 Give the cookies for your account when prompted Now it will start attacking the website In action Note This exploit assumes the prefix f

https://github.com/LDrakura/CVE-Monitor

GitHubApi CVE Poc监控工具

CveMonitor 0x01 功能说明 通过搜索功能,在github搜索cve关键字,对最近15分钟内结果进行处理,对比出新增POC,并通过钉钉/飞书进行通知(在lib/Noticepy中修改机器人token) 使用说明: ➜ python3 cveMonitorpy 2022-07-25 15:10:02 Github总数量:968 2022-07-25 15:10:02 SELECT * FROM Monitor WHERE gitname = 'blmvuln&#

https://github.com/MathiasReker/blm-vlun

Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to take control of your shop Read more about the vulnerability here: buildprestashopcom/news/major-security-vulnerability-on-prestashop-websites/ Fix the backdoor The module will make a security fix that streng

References

CWE-89https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpphttps://github.com/PrestaShop/blockwishlist/commit/b3ec4b85af5fd73f74d55390b226d221298ca084http://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.htmlhttps://github.com/MathiasReker/blmvuln
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook