CVE-2023-6921

State: PUBLISHED · Published: 2024-01-08 · Updated: 2025-06-16 · Assigner: CERT-PL

Description

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

CWE

CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected

PrestaShow / PrestaShop Google Integrator — v=0 <2.1.4 [affected]

CVSS

3.1 score=9.8 severity=CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html product
https://cert.pl/en/posts/2024/01/CVE-2023-6921/
https://cert.pl/posts/2024/01/CVE-2023-6921/

Source

cvelistV5-main/cves/2023/6xxx/CVE-2023-6921.json