CVE-2022-22897

CRITICAL EXPLOITED NUCLEI

Apollotheme AP Pagebuilder < 2.4.5 - SQL Injection

Title source: rule

Description

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

Nuclei Templates (1)

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

CRITICALVERIFIEDby mastercho

Shodan: http.component:"prestashop"

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html

[Exploit, Patch, Vendor Advisory] https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html

Scores

CVSS v3 9.8

EPSS 0.9104

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-08-06

CWE

CWE-89

Status published

Products (1)

apollotheme/ap_pagebuilder < 2.4.5

Published Aug 29, 2022

Tracked Since Feb 18, 2026