CVE-2023-6921

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

B

lind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

References

Link	Resource
https://cert.pl/en/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html	Product
https://cert.pl/en/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6921/	Third Party Advisory
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : 9.8
References	~~() https://cert.pl/en/posts/2024/01/CVE-2023-6921/ - Third Party Advisory~~	() https://cert.pl/en/posts/2024/01/CVE-2023-6921/ - Third Party Advisory
References	~~() https://cert.pl/posts/2024/01/CVE-2023-6921/ - Third Party Advisory~~	() https://cert.pl/posts/2024/01/CVE-2023-6921/ - Third Party Advisory
References	~~() https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html - Product~~	() https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html - Product

Information

Published : 2024-01-08 12:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6921

Mitre link : CVE-2023-6921

CVE.ORG link : CVE-2023-6921

JSON object : View

Products Affected

google_integrator

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-6921", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-01-08T12:15:46.513", "references": [{"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n"}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL ciega en PrestaShow Google Integrator (complemento PrestaShop) permite la extracci\u00f3n y modificaci\u00f3n de datos. Este ataque es posible mediante la inserci\u00f3n de un comando en una de las cookies."}], "lastModified": "2024-11-21T08:44:50.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*", "vulnerable": true, "matchCriteriaId": "6C4DFC6A-D90C-4E43-980E-2404E45E7983", "versionEndExcluding": "2.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}