漏洞描述
PrestaShop 的 xipblog 模块中存在 SQL 注入漏洞,特别是在 2.0.1 及更早版本中。此漏洞使远程攻击者能够利用 xipcategoryclass 和 xippostsclass 组件,从而可能使他们能够提升权限并执行未经授权的数据库查询。没有采取足够的输入验证措施,因此用户更新其安装以降低风险至关重要。
PrestaShop /module/xipblog/archive SQL 注入漏洞(CVE-2023-27847)
PoC代码
暂无相关漏洞推荐
- 无POCPrestaShop MyPrestaModules send.php 信息泄露漏洞(CVE-2023-39677)
- 无POCPrestaShop /module/tshirtecommerce/designer SQL 注入漏洞(CVE-2023-27637)
- 无POCPrestaShop SQL 注入漏洞(CVE-2023-46358)
- 无POCPrestaShop /module/askforaquote/QuotesCart SQL 注入漏洞(CVE-2023-27843)
- POCCVE-2018-10942: Prestashop AttributeWizardPro Module - Arbitrary File Upload
- POCCVE-2018-8823: PrestaShop Responsive Mega Menu Module - Remote Code Execution
- POCCVE-2020-26248: PrestaShop Product Comments <4.2.0 - SQL Injection
- POCCVE-2021-3110: PrestaShop 1.7.7.0 - SQL Injection
- POCCVE-2021-36748: PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
- POCCVE-2021-37538: PrestaShop SmartBlog <4.0.6 - SQL Injection
- POCCVE-2022-22897: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
- POCCVE-2023-27032: PrestaShop AdvancedPopupCreator - SQL Injection
- POCCVE-2023-27637: PrestaShop `tshirtecommerce` Module - SQL Injection