Vulnerability Description
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashow | Google Integrator | < 2.1.4 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/01/CVE-2023-6921/Third Party Advisory
- https://cert.pl/posts/2024/01/CVE-2023-6921/Third Party Advisory
- https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gProduct
- https://cert.pl/en/posts/2024/01/CVE-2023-6921/Third Party Advisory
- https://cert.pl/posts/2024/01/CVE-2023-6921/Third Party Advisory
- https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gProduct
FAQ
What is CVE-2023-6921?
CVE-2023-6921 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
How severe is CVE-2023-6921?
CVE-2023-6921 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-6921?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashow Google Integrator.