CVE-2018-10942
📋 TL;DR
This vulnerability allows remote attackers to upload malicious .phtml files containing PHP code through the Attribute Wizard addon for PrestaShop. Successful exploitation leads to arbitrary code execution on the web server. All PrestaShop installations using the vulnerable Attribute Wizard addon version are affected.
💻 Affected Systems
- PrestaShop with Attribute Wizard addon
📦 What is this software?
Attribute Wizard by Attribute Wizard Project
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing attackers to execute arbitrary commands, steal data, install backdoors, or pivot to internal networks.
Likely Case
Webshell installation leading to data theft, defacement, or use as part of a botnet.
If Mitigated
Attack blocked at web application firewall or file upload validation layer.
🎯 Exploit Status
Simple file upload exploitation with publicly available proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Attribute Wizard addon version after 1.6.9
Vendor Advisory: https://ia-informatica.com/it/CVE-2018-10942
Restart Required: No
Instructions:
1. Update Attribute Wizard addon to latest version.
2. Update PrestaShop to latest version.
3. Remove any uploaded .phtml files from server.
🔧 Temporary Workarounds
Block .phtml file uploads
Configure the web server to deny access to .phtml files. The rules below stop an already uploaded .phtml file from being requested (and therefore executed); they do not stop the upload itself, so combine them with upload validation or with disabling the module.
# In .htaccess for Apache (2.2 syntax, also accepted by 2.4 with mod_access_compat;
# on Apache 2.4 without it, replace the two Order/Deny lines with: Require all denied):
<FilesMatch "\.phtml$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# In nginx config (must appear before any location block that passes .php* to FastCGI):
location ~ \.phtml$ {
    deny all;
}
Disable Attribute Wizard addon
Temporarily disable the vulnerable module (Linux shell):
# Rename or move the vulnerable file:
mv modules/attributewizardpro/file_upload.php modules/attributewizardpro/file_upload.php.disabled
🧯 If You Can't Patch
- Implement strict file upload validation allowing only specific file types
- Deploy web application firewall with file upload protection rules
🔍 How to Verify
Check if Vulnerable:
Check if file exists: modules/attributewizardpro/file_upload.php and verify PrestaShop/Attribute Wizard versions match vulnerable range.
Check Version:
Check PrestaShop version in config/settings.inc.php and Attribute Wizard version in module directory.
Verify Fix Applied:
Confirm file_upload.php no longer accepts .phtml files or has been removed/renamed.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /modules/attributewizardpro/file_upload.php
- File uploads with .phtml extension
- Unusual PHP execution in upload directories
Network Indicators:
- HTTP requests uploading files to the vulnerable endpoint
- Subsequent connections from webshells
SIEM Query:
source="web_logs" AND uri="/modules/attributewizardpro/file_upload.php" AND method="POST"
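The log indicators above, turned into a small offline scanner, as an added example that is not part of the original advisory. It reads Apache/nginx combined-format access log lines, flags POSTs to the upload endpoint named above and any request for a .phtml file, and runs on constructed sample lines embedded in the script (the .phtml path in the sample is invented for illustration; the advisory does not state where uploads land).

```python
# Added example: scan combined-format access logs for the advisory's indicators.
import re
from typing import Dict, List

# Upload endpoint named in the advisory.
ENDPOINT = "/modules/attributewizardpro/file_upload.php"

# Combined log format: ip - user [time] "METHOD path PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (RFC 5737 test addresses; the .phtml path is made up).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2018:12:01:02 +0000] "POST /modules/attributewizardpro/file_upload.php HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [10/May/2018:12:01:05 +0000] "GET /modules/attributewizardpro/uploaded.phtml?a=1 HTTP/1.1" 200 88 "-" "curl/7.58"
198.51.100.3 - - [10/May/2018:12:02:10 +0000] "GET /index.php?controller=product&id_product=3 HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
198.51.100.3 - - [10/May/2018:12:02:11 +0000] "GET /modules/attributewizardpro/views/js/awp.js HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
"""


def scan_access_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that matches an advisory indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        reason = None
        if m.group("method") == "POST" and path == ENDPOINT:
            reason = "POST to vulnerable upload endpoint"
        elif path.lower().endswith(".phtml"):
            reason = "request for .phtml file (possible webshell access)"
        if reason:
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "path": path, "status": m.group("status"),
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['reason']}: {f['path']} ({f['status']})")
```

Feed a real log with `scan_access_log(open("access.log").read())`; a POST to the endpoint followed shortly by a .phtml request from the same IP is the sequence worth escalating.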