.. / CVE-2023-27032

Exploit for PrestaShop AdvancedPopupCreator - SQL Injection (CVE-2023-27032)

Description:

In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.

Nuclei Template

View the template here CVE-2023-27032.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-27032.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-27032
https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
https://security.friendsofpresta.org/modules/2023/04/11/advancedpopupcreator.html