CVE-2021-3110
📋 TL;DR
CVE-2021-3110 is a time-based blind SQL injection vulnerability in PrestaShop's product comments (productcomments) module. An attacker who can reach the module's CommentGrade front-office controller can extract database contents by sending SQL in the id_products[] parameter. The injection is blind: no data or error is returned directly, so values are inferred bit by bit from response delays, which makes extraction slow and noisy but still fully automatable. All PrestaShop 1.7.7.0 installations with the productcomments module enabled are affected.
💻 Affected Systems
- PrestaShop
📦 What is this software?
PrestaShop is an open-source PHP e-commerce platform; productcomments is its bundled product review and rating module, which exposes front-office controllers such as CommentGrade to anonymous shop visitors.
⚠️ Risk & Real-World Impact
Worst Case
Full read access to the shop database: customer records, order and payment details, back-office employee password hashes and configuration secrets. Credentials recovered this way can be used to take over the back office, and from there the shop itself.
Likely Case
Extraction of sensitive data including user credentials, customer information, and configuration details from the database.
If Mitigated
If the input is validated before it reaches the query, the payload never executes. Restricting the database account on its own only narrows what can be read (the shop's own database rather than everything on the server); it does not stop the injection.
🎯 Exploit Status
Exploit code is publicly available and requires minimal technical skill to execute. Because the injection is time-based, extracting useful data takes hundreds to thousands of requests with deliberate delays, so a live attack leaves a clear footprint in access logs (see Detection & Monitoring).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.7.1 and later
Vendor Advisory: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5q2v-6jgj-5c9j
Restart Required: No
Instructions:
1. Update PrestaShop to version 1.7.7.1 or later. If the core cannot be upgraded immediately, apply the fix from the advisory linked above to the productcomments module.
2. Because the flaw lives in the module rather than the core, confirm after upgrading that the installed productcomments module is the patched version, not a copy left over from before the upgrade.
3. Clear the cache and verify that product reviews and grades still display correctly.
🔧 Temporary Workarounds
Disable productcomments module
Temporarily disable the vulnerable module until patching is possible. Product reviews and grades disappear from the storefront while it is off; existing comments stay in the database.
php bin/console prestashop:module disable productcomments
WAF rule implementation
Add SQL injection detection rules for requests to the productcomments CommentGrade controller, keyed on the id_products[] parameter. The rule must URL-decode the query string before matching; the simplest robust rule is to block any id_products[] value that is not a plain integer, since only integer product IDs are legitimate.
🧯 If You Can't Patch
- Validate each id_products[] value as an integer before it reaches the CommentGrade query, and bind values as parameters rather than concatenating them into the SQL string
- Restrict database user permissions to minimum required access
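The two mitigations above, as an added example that is not the productcomments module's code: a Python/SQLite stand-in for the CommentGrade lookup showing the injectable splice of id_products[] into the query next to a hardened version that allow-lists integers and binds parameters. The table, rows and payloads are constructed; SQLite has no SLEEP(), so the vulnerable path is demonstrated with a boolean break-out at the same splice point a time-based payload uses, and the hardened path is shown rejecting the time-based payload before any SQL runs.

```python
import re
import sqlite3
from typing import Sequence

# Constructed sample rows standing in for product-comment grades
# (id_product_comment, id_product, grade). Not PrestaShop's real schema.
SAMPLE_ROWS = [(1, 1, 5), (2, 1, 4), (3, 2, 2)]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the shop database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product_comment ("
        "id_product_comment INTEGER PRIMARY KEY, id_product INTEGER, grade INTEGER)"
    )
    conn.executemany("INSERT INTO product_comment VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, id_products: Sequence[str]) -> list:
    """Injectable pattern (illustrative, not the module's code): the raw
    id_products[] strings are joined straight into the IN (...) list, so a
    value containing ')' breaks out of the list and appends arbitrary SQL."""
    in_list = ",".join(id_products)
    sql = "SELECT id_product, grade FROM product_comment WHERE id_product IN (%s)" % in_list
    return conn.execute(sql).fetchall()


def hardened_lookup(conn: sqlite3.Connection, id_products: Sequence[str]) -> list:
    """Allow-list each value as a decimal integer, then bind it as a parameter.
    Rejecting (rather than silently casting) also gives you a log event."""
    ids = []
    for raw in id_products:
        if not re.fullmatch(r"[0-9]+", raw):
            raise ValueError(f"rejected id_products[] value: {raw!r}")
        ids.append(int(raw))
    if not ids:
        return []  # "IN ()" is a syntax error, and there is nothing to look up
    placeholders = ",".join("?" * len(ids))
    sql = (
        "SELECT id_product, grade FROM product_comment "
        f"WHERE id_product IN ({placeholders}) ORDER BY id_product_comment"
    )
    return conn.execute(sql, ids).fetchall()


def is_rejected(conn: sqlite3.Connection, id_products: Sequence[str]) -> bool:
    """True if the hardened path refuses the input before running any SQL."""
    try:
        hardened_lookup(conn, id_products)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, ["1"]))               # only product 1
    print(vulnerable_lookup(db, ["0) OR 1=1 --"]))    # every row: the filter is gone
    print(is_rejected(db, ["0) AND SLEEP(5) --"]))    # True: payload never reaches SQL
```

The same allow-list check belongs at the web edge too: a WAF rule that rejects non-integer id_products[] values is the same predicate as the one in hardened_lookup, applied earlier.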
🔍 How to Verify
Check if Vulnerable:
You are exposed if you run PrestaShop 1.7.7.0 with the productcomments module enabled. Review access logs for requests to module=productcomments controller=CommentGrade whose id_products[] values are anything other than plain integers.
Check Version:
php bin/console prestashop:version
Verify Fix Applied:
Verify PrestaShop version is 1.7.7.1 or later. On a test instance you are authorised to probe, send a request to the CommentGrade controller with a time-delay payload in id_products[] and compare the response time against a request with a plain integer; once the fix is in place the two should be indistinguishable. Avoid time-based probes against production: if the fix is missing, each probe holds a database connection for the requested delay.
📡 Detection & Monitoring
Log Indicators:
- Unusual requests to /index.php?module=productcomments&controller=CommentGrade with id_products[] parameter containing SQL syntax
- Bursts of requests to the same endpoint from one source whose response times cluster around a fixed delay (time-based blind extraction needs one request per bit or character, so a real attack is hundreds to thousands of requests)
- Database error logs showing SQL syntax errors (seen while the attacker is still tuning the payload; a working time-based probe produces no error, so their absence proves nothing)
Network Indicators:
- HTTP requests with SQL keywords in id_products[] parameter
- Pattern of requests with increasing time delays
SIEM Query:
source="web_access_logs" AND uri="*module=productcomments*" AND uri="*controller=CommentGrade*" AND (uri="*SLEEP*" OR uri="*WAITFOR*" OR uri="*BENCHMARK*")
Caveat: this matches the raw, undecoded URI, so a payload with a percent-encoded keyword (for example %53LEEP for SLEEP) slips past it. Decode the URI before matching, or alert on any id_products[] value that is not a plain integer, which catches every payload regardless of the function it calls.
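The indicators and SIEM query above, run as detection logic over constructed access-log lines (an added example, not part of the original advisory). It parses combined-format lines, URL-decodes the query string, and flags any id_products[] value sent to the CommentGrade controller that is not a plain integer, tagging time-delay functions separately and listing sources with repeated hits; it also re-implements the raw-URI wildcard match to show that a percent-encoded keyword slips past it. Log lines, IPs and payloads are constructed; the fc=module routing parameter is assumed from PrestaShop's module-controller URL convention and is not used by the matcher.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed combined-format access-log lines for the example; not real traffic.
# Lines 2 and 3 carry time-based payloads in id_products[]; line 3 percent-encodes
# the first letter of SLEEP (%53), which a raw-URI wildcard search never sees.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2021:12:00:01 +0000] "GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=12 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.77 - - [10/Feb/2021:12:00:02 +0000] "GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=12%29%20AND%20%28SELECT%20SLEEP%285%29%29%20--%20 HTTP/1.1" 200 312 "-" "python-requests/2.25.1"
203.0.113.77 - - [10/Feb/2021:12:00:08 +0000] "GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=12%29%20AND%20%53LEEP%285%29%3D0%20--%20 HTTP/1.1" 200 312 "-" "python-requests/2.25.1"
198.51.100.9 - - [10/Feb/2021:12:00:09 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 9871 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[^"]*"'
)
TIME_DELAY_RE = re.compile(r"\b(sleep|benchmark|waitfor|pg_sleep)\b", re.IGNORECASE)
INT_RE = re.compile(r"[0-9]+")


def is_commentgrade_request(params: dict) -> bool:
    """Route match on the decoded query parameters, not on raw substrings."""
    return (
        params.get("module", [""])[0].lower() == "productcomments"
        and params.get("controller", [""])[0].lower() == "commentgrade"
    )


def classify_value(decoded: str):
    """None for a well-formed product id, otherwise a label for the anomaly."""
    if INT_RE.fullmatch(decoded.strip()):
        return None
    if TIME_DELAY_RE.search(decoded):
        return "time-based-sqli"
    return "non-numeric-id"


def analyze(log_text: str) -> list:
    """One finding per suspicious id_products[] value sent to CommentGrade."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m["uri"]).query, keep_blank_values=True)
        if not is_commentgrade_request(params):
            continue
        for value in params.get("id_products[]", []):
            decoded = unquote(value)  # parse_qs decoded once; this catches double-encoding
            verdict = classify_value(decoded)
            if verdict:
                findings.append({"ip": m["ip"], "ts": m["ts"], "value": decoded, "verdict": verdict})
    return findings


def burst_sources(findings: list, threshold: int = 2) -> list:
    """Source IPs with at least `threshold` findings: blind extraction is one request per bit."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def naive_siem_match(log_text: str) -> list:
    """Mirrors the page's SIEM query: case-insensitive substring match on the raw,
    undecoded URI. Kept only to show which lines encoding makes it miss."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = m["uri"].upper()
        if ("MODULE=PRODUCTCOMMENTS" in uri and "CONTROLLER=COMMENTGRADE" in uri
                and any(k in uri for k in ("SLEEP", "WAITFOR", "BENCHMARK"))):
            hits.append(m["ip"])
    return hits


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f['ip']} {f['ts']} {f['verdict']}: {f['value']!r}")
    print("burst sources:", burst_sources(found))
    print("raw-URI wildcard hits:", len(naive_siem_match(SAMPLE_LOG)), "of", len(found))
```

On the sample, the decoded check flags both payload lines from 203.0.113.77 while the raw-URI wildcard catches only the one with SLEEP spelled out. Adapt LOG_RE to your log format; the parameter-level check is the part worth keeping.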