平台
php
组件
prestashop-google-integrator
修复版本
2.1.5
A critical SQL Injection vulnerability (CVE-2023-6921) has been identified in the PrestaShop Google Integrator plugin, affecting versions from 0.0 up to and including 2.1.4. This flaw allows attackers to inject malicious SQL commands, potentially leading to unauthorized data extraction and modification. The vulnerability is triggered through command insertion within a cookie, making exploitation relatively straightforward. A fix is available in version 2.1.4.
The impact of this SQL Injection vulnerability is severe. An attacker can leverage it to bypass authentication and authorization mechanisms, gaining unauthorized access to the PrestaShop database. This could lead to the theft of sensitive customer data, including usernames, passwords, addresses, and payment information. Furthermore, attackers could modify product details, pricing, or inventory levels, disrupting business operations. The ability to modify data also opens the door to more sophisticated attacks, such as injecting malicious code into the database to compromise the entire PrestaShop installation. The cookie-based injection method simplifies exploitation, potentially allowing for automated attacks and widespread compromise.
CVE-2023-6921 was publicly disclosed on January 8, 2024. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation and the critical severity of the vulnerability make it a high-priority target for attackers. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
PrestaShop stores using the Google Integrator plugin, particularly those running older versions (0.0 - 2.1.4), are at significant risk. Shared hosting environments where multiple PrestaShop installations share the same database are especially vulnerable, as a successful attack on one site could potentially compromise the entire database. Any PrestaShop deployment that has not been regularly updated and patched is also at increased risk.
• php / web server:
grep -r "SELECT .* FROM" /var/www/prestashop/modules/googleshop/classes/GoogleShop.php• php / web server:
curl -I 'http://your-prestashop-site/?cookie=test; SQLInjection=';• generic web: Check PrestaShop error logs for SQL syntax errors or unusual database activity. • generic web: Monitor cookie values for unexpected SQL commands or patterns.
disclosure
漏洞利用状态
EPSS
0.20% (42% 百分位)
CVSS 向量
The primary mitigation for CVE-2023-6921 is to immediately upgrade the PrestaShop Google Integrator plugin to version 2.1.4 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out malicious SQL commands within cookie parameters. Specifically, look for unusual characters or patterns indicative of SQL injection attempts. Additionally, carefully review and sanitize all user inputs, particularly those received through cookies, to prevent further exploitation. After upgrading, confirm the fix by attempting to inject a simple SQL query through a cookie and verifying that it does not return any database information.
Actualice el módulo PrestaShop Google Integrator a la versión 2.1.4 o superior. Esta actualización corrige la vulnerabilidad de inyección SQL. Puede actualizar el módulo a través del panel de administración de PrestaShop.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2023-6921 is a critical SQL Injection vulnerability affecting PrestaShop Google Integrator versions 0.0 - 2.1.4, allowing attackers to extract and modify data through cookie manipulation.
If you are using PrestaShop Google Integrator version 0.0 - 2.1.4, you are vulnerable. Upgrade to version 2.1.4 or later to mitigate the risk.
Upgrade the PrestaShop Google Integrator plugin to version 2.1.4 or later. If immediate upgrade is not possible, implement WAF rules to filter malicious SQL commands.
While no active exploitation campaigns have been definitively confirmed, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the PrestaShop security advisory for detailed information and updates: [https://security.prestashop.com/](https://security.prestashop.com/)