Security
Headlines

Headlines Latest CVEs

Headline

GHSA-2jx3-5j9v-prpp: SQL Injection in BlockWishList

Impact

An authenticated customer can perform SQL injection

Patches

Issue is fixed in 2.1.1

2 years ago

#sql #git #auth

SQL Injection in BlockWishList

High severity GitHub Reviewed Published Jun 25, 2022 in PrestaShop/blockwishlist • Updated Jun 25, 2022

Related news

Prestashop Blockwishlist 2.1.0 SQL Injection

Prestashop Blockwishlist module version 2.1.0 suffers from a remote SQL injection vulnerability.

2 years ago

#sql #vulnerability #web #linux #git #auth #docker

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

2 years ago

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

1 day ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

1 day ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

1 day ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

1 day ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

1 day ago