CVE-2019-19594
📋 TL;DR
This vulnerability allows remote attackers to upload and execute arbitrary PHP files through the Adobe Stock API Integration module in PrestaShop. Attackers can achieve remote code execution on affected servers, potentially compromising the entire e-commerce platform. All PrestaShop installations using the vulnerable RESET.PRO Adobe Stock API Integration module are affected.
💻 Affected Systems
- RESET.PRO Adobe Stock API Integration for PrestaShop
📦 What is this software?
Prestashop by Prestashop
Prestashop by Prestashop
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing attackers to steal customer data, install backdoors, deface websites, or use the server for further attacks.
Likely Case
Website defacement, data theft, or installation of cryptocurrency miners or malware on the server.
If Mitigated
Attack prevented at the web application firewall level or through proper file upload validation.
🎯 Exploit Status
Simple file upload vulnerability requiring only HTTP POST requests with malicious PHP files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version of RESET.PRO Adobe Stock API Integration module
Vendor Advisory: https://ia-informatica.com/it/CVE-2019-19594
Restart Required: No
Instructions:
1. Log into PrestaShop admin panel. 2. Navigate to Modules section. 3. Find 'Adobe Stock API Integration' module. 4. Check for updates or reinstall latest version. 5. Alternatively, disable the module if not needed.
🔧 Temporary Workarounds
Disable vulnerable module
allTemporarily disable the RESET.PRO Adobe Stock API Integration module
Restrict file uploads
linuxConfigure web server to block .php file uploads to the vulnerable path
# Apache: Add to .htaccess
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
# Nginx: Add to server block
location ~* /reset/modules/fotoliaFoto/multi_upload\.php {
deny all;
}
🧯 If You Can't Patch
- Disable the RESET.PRO Adobe Stock API Integration module completely
- Implement WAF rules to block requests to /reset/modules/fotoliaFoto/multi_upload.php
🔍 How to Verify
Check if Vulnerable:
Check if file exists: /reset/modules/fotoliaFoto/multi_upload.php in PrestaShop installation directoryCheck Version:
Check module version in PrestaShop admin panel under Modules sectionVerify Fix Applied:
Verify module is updated to latest version or disabled in PrestaShop admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /reset/modules/fotoliaFoto/multi_upload.php
- File uploads with .php extension to the vulnerable path
- Unusual file creation in web directories
Network Indicators:
- POST requests to the vulnerable endpoint with file uploads
- Traffic patterns showing file uploads to unexpected paths
SIEM Query:
source="web_server" AND (uri="/reset/modules/fotoliaFoto/multi_upload.php" OR file_extension="php")