Description
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5887)
WordPress Plugin Testimonials Widget Cross-Site Scripting (3.5.1)
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (7.3.3)
IBM WebSEAL Use of Hard-coded Credentials Vulnerability (CVE-2018-1887)
PostgreSQL Cryptographic Issues Vulnerability (CVE-2011-2483)