CVE-2023-6921 – CVE-2023-6921 is a blind SQL injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2023-6921?

CVE-2023-6921 has a CVSS score of 9.8 (CRITICAL). CVE-2023-6921 is a blind SQL injection vulnerability in the PrestaShow Google Integrator addon for PrestaShop that allows attackers to extract or modify database data by injecting malicious SQL commands via cookie manipulation. This affects PrestaShop websites using the vulnerable addon. Attackers can potentially access sensitive information like customer data, orders, or administrative credentials.

📋 TL;DR

CVE-2023-6921 is a blind SQL injection vulnerability in the PrestaShow Google Integrator addon for PrestaShop that allows attackers to extract or modify database data by injecting malicious SQL commands via cookie manipulation. This affects PrestaShop websites using the vulnerable addon. Attackers can potentially access sensitive information like customer data, orders, or administrative credentials.

💻 Affected Systems

Products:

PrestaShow Google Integrator (PrestaShop addon)

Versions: All versions before the fix

Operating Systems: All - vulnerability is in the PHP application

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects PrestaShop installations with the PrestaShow Google Integrator addon installed and enabled.

📦 What is this software?

Google Integrator by Prestashow

View all CVEs affecting Google Integrator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, and potential full system takeover if database credentials allow broader access.

🟠

Likely Case

Extraction of sensitive customer data (personal information, payment details), modification of orders or prices, and potential administrative account takeover.

🟢

If Mitigated

Limited data exposure if database permissions are properly restricted and sensitive data is encrypted.

🌐 Internet-Facing: HIGH - PrestaShop stores are typically internet-facing, making them directly accessible to attackers worldwide.

🏢 Internal Only: LOW - This is primarily an internet-facing application vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection via cookie manipulation is well-understood and easy to automate. The blind nature requires more requests but doesn't significantly increase complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated version from vendor

Vendor Advisory: https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html

Restart Required: No

Instructions:

1. Log into PrestaShop admin panel. 2. Navigate to Modules > Module Manager. 3. Find 'PrestaShow Google Integrator'. 4. Update to latest version. 5. Clear PrestaShop cache.

🔧 Temporary Workarounds

Disable vulnerable module

all

Temporarily disable the PrestaShow Google Integrator module until patched

Navigate to Modules > Module Manager in PrestaShop admin, find 'PrestaShow Google Integrator', click Disable

WAF rule for SQL injection in cookies

all

Implement web application firewall rules to block SQL injection patterns in cookie values

Depends on WAF platform - configure rules to inspect and block SQL keywords in cookie parameters

🧯 If You Can't Patch

Implement strict input validation and parameterized queries for all cookie processing
Deploy a web application firewall with SQL injection protection for cookie parameters

🔍 How to Verify

Check if Vulnerable:

Check if PrestaShow Google Integrator module is installed and enabled in PrestaShop admin panel under Modules > Module Manager

Check Version:

Check module version in PrestaShop admin panel under Modules > Module Manager > PrestaShow Google Integrator

Verify Fix Applied:

Verify module version is updated to latest and test cookie parameter handling with SQL injection test payloads

📡 Detection & Monitoring

Log Indicators:

Unusual SQL errors in application logs
Multiple requests with SQL keywords in cookie values
Patterns of failed login attempts following cookie manipulation

Network Indicators:

HTTP requests containing SQL injection patterns in Cookie headers
Unusual database query patterns from application server

SIEM Query:

source="web_logs" AND (Cookie="*UNION*" OR Cookie="*SELECT*" OR Cookie="*INSERT*" OR Cookie="*UPDATE*" OR Cookie="*DELETE*")

📊 Metadata

CVE ID: CVE-2023-6921

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: January 8, 2024

Last Updated: November 21, 2024

🔗 References

https://cert.pl/en/posts/2024/01/CVE-2023-6921/ Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6921/ Third Party Advisory
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html Product
https://cert.pl/en/posts/2024/01/CVE-2023-6921/ Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6921/ Third Party Advisory
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6921, you might also want to check these: