Headline
CVE-2020-26248: prestashop/productcomments - Packagist
In the PrestaShop module “productcomments” before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
README****About
Allow users to post reviews on your products and/or rate them based on specific criteria.
Multistore compatibility
This module is partially compatible with the multistore feature. Some of its options might not be available.
Update dependency
The only dependency for this module (for now) is https://github.com/flaviusmatis/simplePagination.js.git You can install/update it by launching the command
# yarn install
(We use yarn because this library is not served as a package for npm).
This will install the library js in views/js folder.
Reporting issues
You can report issues with this module in the main PrestaShop repository. Click here to report an issue.
Contributing
PrestaShop modules are open source extensions to the PrestaShop e-commerce platform. Everyone is welcome and even encouraged to contribute with their own improvements!
Just make sure to follow our contribution guidelines.
License
This module is released under the Academic Free License 3.0