PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-27T23:12:15
Updated: 2024-08-04T01:23:01.335Z
Reserved: 2021-07-27T00:00:00
Link: CVE-2021-37593
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-07-30T14:15:18.617
Modified: 2024-11-21T06:15:29.130
Link: CVE-2021-37593
Redhat
No data.