CVE-2023-6921

CRITICAL

PrestaShow Google Integrator < 2.1.4 - Blind SQL Injection via Cookie

Title source: llm
STIX 2.1

Description

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

Scores

CVSS v3 9.8
EPSS 0.0069
EPSS Percentile 48.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
prestashow/google_integrator < 2.1.4
Published Jan 08, 2024
Tracked Since Feb 18, 2026