CVE-2021-43789

7.5 HIGH

📋 TL;DR

CVE-2021-43789 is a blind SQL injection vulnerability in PrestaShop e-commerce software that allows attackers to execute arbitrary SQL queries through search filters. This affects PrestaShop versions before 1.7.8.2, potentially compromising database confidentiality and integrity.

💻 Affected Systems

Products:
  • PrestaShop
Versions: All versions prior to 1.7.8.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the search functionality using orderBy and sortOrder parameters. All PrestaShop installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including theft of customer data, payment information, administrative credentials, and potential remote code execution through database functions.

🟠 Likely Case

Data exfiltration of sensitive information such as customer records, order details, and administrative credentials, leading to further system compromise.

🟢 If Mitigated

Limited data exposure if proper input validation and database permissions are configured; SQL injection attempts remain detectable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to search functionality but does not require authentication. The vulnerability is in the core search filters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.8.2

Vendor Advisory: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6xxj-gcjq-wgf4

Restart Required: No

Instructions:

1. Back up your PrestaShop installation and database.
2. Download PrestaShop 1.7.8.2 or later from the official repository.
3. Replace the vulnerable files with patched versions.
4. Clear the cache and verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement strict input validation for the orderBy and sortOrder parameters so that only expected values are accepted.

Action: Modify the search controller to validate the orderBy and sortOrder parameters against an allowlist.

WAF Rule

Platform: all

Deploy web application firewall rules to block SQL injection patterns in search parameters.

Action: Add a WAF rule that detects and blocks SQL injection patterns in the orderBy and sortOrder parameters.

🧯 If You Can't Patch

  • Implement strict input validation for all search parameters
  • Restrict database user permissions to minimum required

🔍 How to Verify

Check if Vulnerable:

Check the PrestaShop version in the admin panel or in the configuration file. Versions below 1.7.8.2 are vulnerable.

Check Version:

Check /app/config/parameters.php for the version, or use the PrestaShop admin panel.

Verify Fix Applied:

Verify that the version is 1.7.8.2 or higher, and test the search functionality with SQL injection payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple search requests with suspicious orderBy/sortOrder parameters
  • Error logs showing SQL syntax errors

Network Indicators:

  • HTTP requests containing SQL keywords in search parameters
  • Repeated search requests with varying orderBy values

SIEM Query:

source="web_logs" AND (orderBy CONTAINS "UNION" OR orderBy CONTAINS "SELECT" OR sortOrder CONTAINS SQL keywords)
