What is CVE-2021-37538?

CVE-2021-37538 is a vulnerability in N/a. Published 2021-08-24.

Is CVE-2021-37538 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-37538

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.p…

EPSS: 0.917 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
patrickmgarrity/threatcon1-lab
youcans896768/APIV_

References

classydevs.com/free-modules/smartblog/ (x_refsource_MISC)
blog.sorcery.ie/posts/smartblog_sqli/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-37538?: CVE-2021-37538 is a vulnerability in N/a. Published 2021-08-24.
Is CVE-2021-37538 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.