CVE-2023-6921 - Vulnerability Details - OpenCVE

Description

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

Published: 2024-01-08

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

PrestaShow

PrestaShop Google Integrator

unaffected

Version	Status	Constraints
`0`	affected	< 2.1.4

Configuration 1 [-]

cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-59120	Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00198.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://cert.pl/en/posts/2024/01/CVE-2023-6921/
https://cert.pl/posts/2024/01/CVE-2023-6921/
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html

History

Mon, 16 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Prestashow Google Integrator

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-08T11:34:19.799Z

Updated: 2025-06-16T19:50:57.105Z

Reserved: 2023-12-18T15:08:09.463Z

Link: CVE-2023-6921

Vulnrichment

Updated: 2024-08-02T08:42:08.657Z

NVD

Status : Modified

Published: 2024-01-08T12:15:46.513

Modified: 2024-11-21T08:44:50.407

Link: CVE-2023-6921

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6921", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-18T15:08:09.463Z", "datePublished": "2024-01-08T11:34:19.799Z", "dateUpdated": "2025-06-16T19:50:57.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PrestaShop Google Integrator", "vendor": "PrestaShow", "versions": [{"lessThan": "2.1.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Piotr Zdunek"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.<br>"}], "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T11:34:19.799Z"}, "references": [{"tags": ["product"], "url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html"}, {"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/"}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection in PrestaShop Google Integrator", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.657Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html"}, {"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", "tags": ["x_transferred"]}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-02T20:30:38.541018Z", "id": "CVE-2023-6921", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T19:50:57.105Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", "tags": ["product", "x_transferred"]}, {"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/", "tags": ["x_transferred"]}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.657Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-02T20:30:38.541018Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T19:50:52.286Z"}}], "cna": {"title": "SQL Injection in PrestaShop Google Integrator", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Piotr Zdunek"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PrestaShow", "product": "PrestaShop Google Integrator", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html", "tags": ["product"]}, {"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/"}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n", "supportingMedia": [{"type": "text/html", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T11:34:19.799Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6921", "state": "PUBLISHED", "dateUpdated": "2025-06-16T19:50:57.105Z", "dateReserved": "2023-12-18T15:08:09.463Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-01-08T11:34:19.799Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestashow:google_integrator:*:*:*:*:*:prestashop:*:*", "matchCriteriaId": "6C4DFC6A-D90C-4E43-980E-2404E45E7983", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n"}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL ciega en PrestaShow Google Integrator (complemento PrestaShop) permite la extracci\u00f3n y modificaci\u00f3n de datos. Este ataque es posible mediante la inserci\u00f3n de un comando en una de las cookies."}], "id": "CVE-2023-6921", "lastModified": "2024-11-21T08:44:50.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cvd@cert.pl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-08T12:15:46.513", "references": [{"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6921/"}, {"source": "cvd@cert.pl", "tags": ["Product"], "url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6921/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}