This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A critical **SQL Injection (SQLi)** flaw in the **PireosPay** module for PrestaShop.…
**Threshold**: **LOW**.
**Auth**: Exploitable by **Guests** (unauthenticated users).
**Config**: No special configuration needed; if the vulnerable module is installed, the attack surface is open.
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**.
**PoC**: Proof-of-Concept available via **ProjectDiscovery Nuclei Templates**.
**Status**: Actively being scanned and exploited in the wild due to easy availability.
Q7. How to self-check? (Features/Scanning)
**Self-Check**:
1. Scan your PrestaShop instance for the **PireosPay** module.
2. Verify the module version is **< 1.7.10**.…
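The two self-check steps above can be run against a PrestaShop document root with a short script. This is an added example, not part of the original analysis or of the module's code. It assumes the module lives in a folder named `pireospay` under `modules/` and that its version is recorded in the usual PrestaShop places (`config.xml` or `$this->version` in the module's PHP class).

```python
import re
import sys
from pathlib import Path

FIXED = (1, 7, 10)        # the page lists versions below 1.7.10 as affected
MODULE_DIR = "pireospay"  # assumption: module folder name under modules/

def parse_version(text):
    """'1.7.9' -> (1, 7, 9); tuples compare numerically, so 1.7.9 < 1.7.10."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def module_version(module_path):
    """Read the version from config.xml, else from the module's PHP class."""
    patterns = [
        ("config.xml", r"<version>\s*(?:<!\[CDATA\[)?\s*([\d.]+)"),
        ("*.php", r"\$this->version\s*=\s*['\"]([\d.]+)['\"]"),
    ]
    for glob, pattern in patterns:
        for path in sorted(module_path.glob(glob)):
            match = re.search(pattern, path.read_text(errors="replace"))
            if match:
                return match.group(1)
    return None

def check_shop(shop_root):
    """Return (status, version); status is absent/unknown/vulnerable/patched."""
    modules = Path(shop_root) / "modules"
    if not modules.is_dir():
        return ("absent", None)
    hits = [d for d in modules.iterdir()
            if d.is_dir() and d.name.lower() == MODULE_DIR]
    if not hits:
        return ("absent", None)
    version = module_version(hits[0])
    if version is None:
        return ("unknown", None)  # installed, no readable version: review by hand
    status = "vulnerable" if parse_version(version) < FIXED else "patched"
    return (status, version)

if __name__ == "__main__":
    # Usage: python check_pireospay.py /var/www/prestashop  (example path)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    status, version = check_shop(root)
    print(f"PireosPay: {status}" + (f" (version {version})" if version else ""))
    sys.exit(1 if status in ("vulnerable", "unknown") else 0)
```

Versions are compared as integer tuples because a plain string comparison ranks `1.7.9` above `1.7.10` and would report a vulnerable install as patched.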
**Urgency**: **HIGH**.
**Priority**: **Immediate Action Required**.
**Risk**: Since it affects guests and has public PoCs, unpatched sites are at imminent risk of data breach. Update NOW.