In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.2.1"
}
],
"cpe": "cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:prestashop:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}