CVE-2022-22897

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 10, 2022
Published Date: August 29, 2022
Last Updated: August 03, 2024
Vendor: ApolloTheme
Product: AP PageBuilder for PrestaShop
Description: A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score: 86.13% (Percentile: 99.35%) as of 2025-07-29

Exploit Status

Exploited in the Wild: Yes (2025-07-06 00:00:00 UTC) Source

References

http://packetstormsecurity.com/files/168148/PrestaShop-Ap-Pagebuilder-2.4.4-SQL-Injection.html https://friends-of-presta.github.io/security-advisories/modules/2023/01/05/appagebuilder.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-07 12:01:23 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22897.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

January 10, 2022
CVE Published to Public

August 29, 2022
Detected by Nuclei

April 26, 2025
Added to KEVIntel

July 07, 2025