google_integrator- PrestaShop module vulnerability (CVE-2023-6921)
Modulegoogle_integrator
Score
9.8 CriticalDate publish
08-01-2024Versiones afectadas
- Less than 2.1.4
Description
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | cvd@cert.pl | nvd@nist.gov | |||
| type | Secondary | Primary | |||
| version | 3.1 | 3.1 | |||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | |||
| baseScore | 9.8 | 9.1 | |||
| baseSeverity | CRITICAL | CRITICAL | |||
| attackVector | NETWORK | NETWORK | |||
| attackComplexity | LOW | LOW | |||
| privilegesRequired | NONE | NONE | |||
| userInteraction | NONE | NONE | |||
| scope | UNCHANGED | UNCHANGED | |||
| confidentialityImpact | HIGH | HIGH | |||
| integrityImpact | HIGH | HIGH | |||
| availabilityImpact | HIGH | NONE | |||
| exploitabilityScore | 3.9 | 3.9 | |||
| impactScore | 5.9 | 5.2 | |||