CVE-2023-6921

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*

History

No history.

Information

Published : 2024-01-08 12:15

Updated : 2024-01-11 20:57

NVD link : CVE-2023-6921

Mitre link : CVE-2023-6921

CVE.ORG link : CVE-2023-6921

JSON object : View

Products Affected

prestashow

google_integrator

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-6921", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-08T12:15:46.513", "references": [{"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", "tags": ["Product"], "source": "cvd@cert.pl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n"}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL ciega en PrestaShow Google Integrator (complemento PrestaShop) permite la extracci\u00f3n y modificaci\u00f3n de datos. Este ataque es posible mediante la inserci\u00f3n de un comando en una de las cookies."}], "lastModified": "2024-01-11T20:57:37.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*", "vulnerable": true, "matchCriteriaId": "6C4DFC6A-D90C-4E43-980E-2404E45E7983", "versionEndExcluding": "2.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}