Vulnerability Description
The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ).
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lineagrafica | Eu Cookie Law Gdpr | < 2.1.3 |
Related Weaknesses (CWE)
References
- https://addons.prestashop.com/en/legal/8734-eu-cookie-law-gdpr-banner-blocker.htProductThird Party Advisory
- https://securityandstuff.com/posts/cve-2022-44727/ExploitThird Party Advisory
- https://www.lineagrafica.es/modp/lgcookieslaw/en/readme_en.pdfProductVendor Advisory
- https://addons.prestashop.com/en/legal/8734-eu-cookie-law-gdpr-banner-blocker.htProductThird Party Advisory
- https://securityandstuff.com/posts/cve-2022-44727/ExploitThird Party Advisory
- https://www.lineagrafica.es/modp/lgcookieslaw/en/readme_en.pdfProductVendor Advisory
FAQ
What is CVE-2022-44727?
CVE-2022-44727 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ).
How severe is CVE-2022-44727?
CVE-2022-44727 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-44727?
Check the references section above for vendor advisories and patch information. Affected products include: Lineagrafica Eu Cookie Law Gdpr.