PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-27T23:12:15

Updated: 2024-08-04T01:23:01.335Z

Reserved: 2021-07-27T00:00:00

Link: CVE-2021-37593

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-07-30T14:15:18.617

Modified: 2024-11-21T06:15:29.130

Link: CVE-2021-37593

cve-icon Redhat

No data.