Vulnerability Details CVE-2021-37593
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/
- https://github.com/advisto/peel-shopping/issues/3
- https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md
- http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/
- https://github.com/advisto/peel-shopping/issues/3
- https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md
Products affected by CVE-2021-37593
-
cpe:2.3:a:peel:peel_shopping:9.4.0