Vulnerability Details CVE-2022-22897
A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.861
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html
- http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html
Products affected by CVE-2022-22897
-
cpe:2.3:a:apollotheme:ap_pagebuilder:-
-
cpe:2.3:a:apollotheme:ap_pagebuilder:2.4.4
-
cpe:2.3:a:apollotheme:ap_pagebuilder:2.4.5