Open
Description
Product Version: 9.4.0
Author: Frentzen
CVE Assigned: CVE-2021-41672
Vulnerability Description: An authenticated user (with some administrator privileges) can inject a malicious query in order to achieve SQL injection via the "id_utilisateur" POST parameter on the /peel-shopping_9_4_0/administrer/utilisateurs.php endpoint. After this attack, the attacker can read sensitive information from the database and even modify its data.
Vulnerable URL: http://localhost/peel-shopping_9_4_0/administrer/utilisateurs.php
Proof of Concept:
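Mitigation sketch (an added example: it is not part of the original report, not the proof of concept, and not PEEL's own code). It shows the two controls that close this class of bug for a numeric `id_utilisateur` POST value: strict integer validation and a bound placeholder. The helper names, the `demo_utilisateurs` table, the in-memory SQLite database and the sample inputs are assumptions constructed for the demonstration; it assumes PHP 8 with `pdo_sqlite`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept id_utilisateur only as a positive decimal integer.
// Arrays, empty strings, signs, whitespace and trailing text are all rejected.
function parse_user_id(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup: the value is bound as an integer parameter and is
// never concatenated into the SQL text.
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare(
        'SELECT id_utilisateur, email FROM demo_utilisateurs WHERE id_utilisateur = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data (stand-in for the application's real database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_utilisateurs (id_utilisateur INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO demo_utilisateurs VALUES (1, 'admin@example.test'), (2, 'user@example.test')");

// Constructed sample POST values: one well-formed id, the rest malformed.
foreach (['2', '2 ', '2abc', '-1', '', ['2']] as $raw) {
    $id = parse_user_id($raw);
    if ($id === null) {
        // A real handler would return HTTP 400 and log the rejected value.
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo 'accepted: ', json_encode(find_user($db, $id)), PHP_EOL;
}
```

Logging rejected values on an administrator-only endpoint also gives defenders a signal that an authenticated account is probing the parameter.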

