CVE-2023-27032

CVSS V2 None CVSS V3 None
Description
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
Overview
  • CVE ID
  • CVE-2023-27032
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-12T14:15:07
  • Last Modified Date
  • 2023-04-19T19:34:27
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:* 1 OR 1.1.21 1.1.25
References
Reference URL Reference Tags
https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-27032
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27032
History
Created Old Value New Value Data Type Notes
2023-04-17 04:36:25 Added to TrackCVE
2023-04-18 13:00:40 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-19 20:00:57 2023-04-19T19:34:27 CVE Modified Date updated
2023-04-19 20:00:58 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-19 20:00:59 Weakness Enumeration new
2023-04-19 20:01:01 CPE Information updated