CVE-2021-3110

Name of the Vulnerable Software and Affected Versions PrestaShop version 1.7.7.0

Description The store system in PrestaShop allows time-based boolean SQL injection via the id products[] parameter in the module=productcomments controller CommentGrade. This issue can be exploited through the /api/v1/login or similar API endpoints, but the specific endpoint is not clearly identified in the provided information. The id products[] parameter is the vulnerable parameter in this case.

Recommendations For PrestaShop version 1.7.7.0, consider disabling the CommentGrade controller or restricting access to the id products[] parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.