SQL Injection

High

atomiix published GHSA-2jx3-5j9v-prpp

Jun 24, 2022

Package

prestashop/blockwishlist (Composer)

Affected versions

>=2.0.0

Patched versions

2.1.1

Description

Impact

An authenticated customer can perform SQL injection

Patches

Issue is fixed in 2.1.1

Severity

High

8.1

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N