SmartDataSoft SmartBlog for PrestaShop - SQLi (CVE-2021-37538)

CVE-2021-37538 is a critical SQL injection vulnerability in SmartDataSoft SmartBlog for PrestaShop prior to version 4.06, allowing remote unauthenticated attackers to execute arbitrary SQL commands via multiple parameters. Exploitation of this flaw could lead to unauthorized access, data theft, or complete compromise of the underlying database.

CrowdSec has been tracking this vulnerability and its exploits since 10th of September 2025.

CrowdSec network observations suggest that most exploitation of CVE-2021-37538 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2021-37538. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.

Attackers exploit the /module/smartblog/archive endpoint by injecting SQL commands into the month, year, or day parameters, often using UNION-based payloads to extract sensitive data from the database.