cve/2022/CVE-2022-22897.md

### [CVE-2022-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22897)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

### POC

#### Reference
- http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/karimhabush/cyberowl
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22897)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html`
			`- https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/karimhabush/cyberowl`