CVE-2021-36748
HIGH NUCLEIPrestahome Blog < 1.7.8 - SQL Injection via sb_category Parameter
Title source: llmExploitation Summary
CVE-2021-36748 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.
Nuclei Templates (1)
PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
HIGHby whoever
References (3)
Core 3
Core References
Product x_refsource_misc
https://blog.sorcery.ie
Product, Third Party Advisory x_refsource_misc
https://alysum5.promokit.eu/promokit/documentation/blog/
Exploit, Third Party Advisory x_refsource_misc
https://blog.sorcery.ie/posts/ph_simpleblog_sqli/
Scores
CVSS v3
7.5
EPSS
0.1484
EPSS Percentile
96.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
prestahome/blog
< 1.7.8
Published
Aug 20, 2021
Tracked Since
Feb 18, 2026