CVE-2023-27032
published 2023-04-12
CVE-2023-27032: Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
Priority P276 critical 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.04% (85.9th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idnovate | popup_module_and_newsletter | >= 1.1.21 < 1.1.25 | 1.1.25 |
Detection & IOCs (extracted from sources)
url: /module/advancedpopupcreator/popup
command: availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
command: fromController=(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/&id_category=0&id_cms=1&id_manufacturer=0&id_product=0&id_supplier=0&referrer=1&responsiveWidth=1280&time={{time}}&token={{token}}&updateVisits=1&url=https%253A%252F%252F{{Hostname}}%252F
command: availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
command: availablePopups=-8514)%20OR%206158%3d6157--%20eKWg&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
- Monitor POST requests to /module/advancedpopupcreator/popup for SQL injection payloads in the `availablePopups` and `fromController` parameters, particularly time-based sleep() injections and boolean-based OR conditions.
- Time-based SQLi detection: response duration >= 6 seconds combined with HTTP 200 and body containing 'hasError' indicates successful sleep() injection via `availablePopups` or `fromController` parameters.
- Blind boolean-based SQLi detection: a response containing 'selector' for the true-condition payload (`-8514) OR 6158=6158`) and the absence of 'selector' for the false-condition payload (`-8514) OR 6158=6157`) confirms exploitation.
- Shodan fingerprinting query for exposed PrestaShop instances potentially running the vulnerable module: http.component:"prestashop"
- The vulnerable code path is AdvancedPopup::getPopups(); in module source code audits, look for unsanitized input flowing into SQL queries from that method.
- Affected versions are advancedpopupcreator v1.1.21 through v1.1.24; presence of these versions on a PrestaShop instance should be treated as a high-priority finding.
- Exploitation requires no authentication: the SQL injection endpoint /module/advancedpopupcreator/popup is accessible to unauthenticated guests, maximising exposure.
- The Nuclei template uses a two-stage flow: first extracting a `time` value and `static_token` from the homepage (GET /), then injecting into the popup endpoint. Detection rules must account for this token-extraction pre-step when replaying or blocking.
- The template covers both time-based (sleep(6)) and blind boolean-based injection techniques; WAF/IDS rules should cover both variants to avoid partial detection gaps.
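The monitoring guidance above can be applied to web-server logs that capture POST bodies. The following is an added example, not code from the advisory, the module or the Nuclei template: it allowlists the two watched parameters and labels what breaks the allowlist. The record fields and the assumed shapes of legitimate values (numeric id list, controller name) are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/module/advancedpopupcreator/popup"
# Assumed shapes of legitimate values (not taken from the module source):
# availablePopups = comma-separated numeric ids, fromController = a controller name.
ALLOWED = {
    "availablePopups": re.compile(r"[0-9,]*"),
    "fromController": re.compile(r"[A-Za-z0-9_]*"),
}
TIME_BASED = re.compile(r"sleep\s*\(", re.I)
BOOLEAN = re.compile(r"\b(?:or|and)\b\s+\d+\s*=\s*\d+", re.I)

def classify(value):
    """Label a rejected value with the injection variant it resembles."""
    if TIME_BASED.search(value):
        return "time-based"
    if BOOLEAN.search(value):
        return "boolean-based"
    return "unexpected-characters"

def scan(records):
    """Return one finding per watched parameter value that breaks the allowlist."""
    findings = []
    for rec in records:
        if rec["method"] != "POST" or ENDPOINT not in rec["path"]:
            continue
        params = parse_qs(rec["body"], keep_blank_values=True)  # URL-decodes values
        for name, pattern in ALLOWED.items():
            for value in params.get(name, []):
                if pattern.fullmatch(value):
                    continue
                kind = classify(value)
                # Time-based signal from the page: HTTP 200 and duration >= 6 s.
                delayed = rec["status"] == 200 and rec["duration_s"] >= 6
                findings.append({"ip": rec["ip"], "param": name, "kind": kind,
                                 "likely_executed": kind == "time-based" and delayed})
    return findings

# Constructed records (documentation IPs); bodies reuse payload strings listed on this page.
SAMPLE = [
    {"ip": "203.0.113.10", "method": "POST", "path": ENDPOINT, "status": 200,
     "duration_s": 0.2, "body": "availablePopups=3,7&event=1&fromController=product"},
    {"ip": "198.51.100.7", "method": "POST", "path": ENDPOINT, "status": 200,
     "duration_s": 6.3, "body": "availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&fromController=product"},
    {"ip": "198.51.100.7", "method": "POST", "path": ENDPOINT, "status": 200,
     "duration_s": 0.3, "body": "availablePopups=-8514)%20OR%206158%3d6158--%20eKWg&fromController=product"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 'hasError' and 'selector' body checks from the list above need response bodies, which access logs rarely hold, so this sketch keys on request content and response time only.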
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-m963-5mrx-529j: Prestashop advancedpopupcreator v1
ghsa_unreviewed·2023-04-12
CVE-2023-27032 [CRITICAL] CWE-89 GHSA-m963-5mrx-529j: Prestashop advancedpopupcreator v1
VulnCheck
idnovate popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-27032 [CRITICAL] idnovate popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: idnovate popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2023-27032
No detection rules found.
Nuclei
PrestaShop AdvancedPopupCreator - SQL Injection
nuclei·CVSS 9.8
CVE-2023-27032 [CRITICAL] PrestaShop AdvancedPopupCreator - SQL Injection
In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
Template:

```yaml
id: CVE-2023-27032
info:
  name: PrestaShop AdvancedPopupCreator - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL commands to extract database contents including customer data, orders, payment information, and administrative credentials from the PrestaShop database.
  remediation: |
    Upgrade to the latest version of the Advanced Popup Creator module from Idnovate
```
- https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.html