CVE-2023-25207
📋 TL;DR
CVE-2023-25207 is a SQL injection vulnerability in the DPD France shipping module (dpdfrance) for PrestaShop. Attacker-controlled HTTP parameters sent to the module's dpdfrance/ajax.php endpoint reach a database query without proper neutralization, so an attacker can execute arbitrary SQL against the shop database. It affects PrestaShop e-commerce sites running a vulnerable release of the module. Depending on the privileges of the shop's database user, attackers can read, modify, or delete database content.
💻 Affected Systems
- PrestaShop DPD France module (dpdfrance), releases earlier than the fixed version 6.1.3 given under Official Fix
📦 What is this software?
DPD France (dpdfrance) is a carrier module for PrestaShop, distributed through PrestaShop Addons, that integrates DPD France shipping into the checkout and order workflow. Its ajax.php script serves the module's front-office AJAX requests, which is why it is reachable from the internet on any shop that has the module installed.
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including customer data theft, administrative account takeover, and full site control leading to data destruction or ransomware deployment.
Likely Case
Data exfiltration of customer information (names, addresses, email addresses, order history), order manipulation, and theft of back-office credential hashes from the employee table, which can lead to administrative access.
If Mitigated
Limited impact when the shop's database user has only the privileges it needs (no FILE, no access to other schemas), the endpoint is blocked or patched, and a web application firewall in front of the shop denies requests to dpdfrance/ajax.php.
🎯 Exploit Status
SQL injection via HTTP parameters to an unauthenticated front-office endpoint requires minimal technical skill; off-the-shelf tools such as sqlmap automate discovery and extraction once the endpoint and parameter are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.1.3
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/03/09/dpdfrance.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the DPD France module.
4. Update to version 6.1.3 or later (if no update is offered in Module Manager, download the current release from PrestaShop Addons and install it with the "Upload a module" button).
5. Clear the PrestaShop cache (Advanced Parameters > Performance > Clear cache) so the updated module code is served.
🔧 Temporary Workarounds
Disable vulnerable endpoint
Linux: temporarily remove the vulnerable ajax.php file from the web root. Any module feature that relies on ajax.php (front-office AJAX calls) stops working until the file is restored, so do this only as a stopgap until the update is installed. Denying the path in the web server configuration (a 403 for /modules/dpdfrance/ajax.php) has the same effect without touching the module's files.
sudo mv /path/to/prestashop/modules/dpdfrance/ajax.php /path/to/prestashop/modules/dpdfrance/ajax.php.disabled
Web Application Firewall rule
All platforms: block requests to dpdfrance/ajax.php at the WAF. Pattern-only blocking (matching UNION, SELECT, and so on) is easy to bypass with encoding and comment tricks, so the rule below denies every request whose URI contains the endpoint, which is equivalent to removing the file. Matching on REQUEST_URI needs only phase 1 (request headers); phase 2 is required only if you also want to inspect POST bodies.
ModSecurity rule: SecRule REQUEST_URI "@contains dpdfrance/ajax.php" "id:1001,phase:1,deny,status:403,log,msg:'Blocking DPD France ajax.php (CVE-2023-25207)'"
🧯 If You Can't Patch
- If you maintain your own copy of the module, fix the vulnerable query in ajax.php the PrestaShop way: cast numeric parameters with (int) and pass string parameters through pSQL() before they reach Db::getInstance(), and treat every value from Tools::getValue() as untrusted
- Grant the shop's database user only SELECT/INSERT/UPDATE/DELETE on the shop schema (no FILE, no SUPER, no access to other databases) so a successful injection cannot read or write files or reach other applications, and keep the database host reachable only from the web tier
🔍 How to Verify
Check if Vulnerable:
Check the module version in the PrestaShop admin panel under Modules > Module Manager > DPD France. On disk, the module declares its version in the constructor of /modules/dpdfrance/dpdfrance.php ($this->version = '...') and PrestaShop also records it in /modules/dpdfrance/config.xml. Any version lower than 6.1.3 is vulnerable; confirm the exact boundary against the Friends of Presta advisory linked above.
Check Version:
grep -n '\$this->version' /path/to/prestashop/modules/dpdfrance/dpdfrance.php; grep -o '<version>.*</version>' /path/to/prestashop/modules/dpdfrance/config.xml
Verify Fix Applied:
Confirm that the DPD France module version shown in the admin panel is 6.1.3 or higher and matches the version on disk (a stale cache or a partially copied update can leave the old ajax.php in place). Then, on a staging copy or with explicit authorization, send a harmless injection probe to the ajax.php endpoint and confirm the response no longer differs from a benign request.
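The version check above is easy to get wrong by hand: a plain string comparison ranks "6.1.10" below "6.1.3". The following is an added example, not code from the module or the advisory, that reads the version from the two places PrestaShop keeps it (dpdfrance.php and config.xml) and compares it numerically against the fixed release stated on this page. The PHP and XML snippets are constructed stand-ins for the real files, and the class name in the PHP snippet is assumed.

```python
import os
import re

# Fixed release as stated on this page; confirm the exact boundary against the
# Friends of Presta advisory before relying on it.
FIXED_VERSION = "6.1.3"

# PrestaShop modules set $this->version in the module constructor, and
# PrestaShop writes the same value to the module's config.xml on install.
PHP_VERSION_RE = re.compile(r"""\$this->version\s*=\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")
XML_VERSION_RE = re.compile(r"<version>(?:<!\[CDATA\[)?([0-9]+(?:\.[0-9]+)*)(?:\]\]>)?</version>")


def parse_version(text):
    """'6.1.10' -> (6, 1, 10): tuples compare numerically, strings do not."""
    return tuple(int(part) for part in text.split("."))


def extract_version(php_source="", config_xml=""):
    """Version string from dpdfrance.php, falling back to config.xml; None if absent."""
    for text, regex in ((php_source, PHP_VERSION_RE), (config_xml, XML_VERSION_RE)):
        match = regex.search(text or "")
        if match:
            return match.group(1)
    return None


def is_vulnerable(version):
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_module_dir(module_dir):
    """Inspect an installed module directory; returns (version, vulnerable-or-None)."""
    def read(name):
        path = os.path.join(module_dir, name)
        if not os.path.isfile(path):
            return ""
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    version = extract_version(read("dpdfrance.php"), read("config.xml"))
    return version, (is_vulnerable(version) if version else None)


# Constructed snippets standing in for the real module files (class name assumed).
SAMPLE_PHP = (
    "class DpdFrance extends CarrierModule\n{\n    public function __construct()\n    {\n"
    "        $this->name = 'dpdfrance';\n        $this->version = '6.1.2';\n"
)
SAMPLE_XML = "<module><name>dpdfrance</name><version><![CDATA[6.1.2]]></version></module>"

if __name__ == "__main__":
    found = extract_version(SAMPLE_PHP, SAMPLE_XML)
    print(found, "VULNERABLE" if is_vulnerable(found) else "patched")
```

Run check_module_dir("/path/to/prestashop/modules/dpdfrance") on the server; if the two sources disagree, the install is inconsistent and the update should be reapplied.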
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /modules/dpdfrance/ajax.php whose parameters contain SQL structure (UNION SELECT, SELECT ... FROM, information_schema, SLEEP( or BENCHMARK( for time-based blind probes, a quote followed by OR/AND, comment terminators such as -- or /*), including URL-encoded and double-encoded forms (%27, %2527, %20UNION%20SELECT)
- Many requests to the endpoint from one client in a short window, or a scanner user agent such as sqlmap, which is how automated exploitation looks in the access log
- Unusual query patterns from the web application's database user in the MySQL general or slow query log, such as reads of ps_employee or information_schema that the shop's code never issues
- Back-office account changes shortly after suspicious ajax.php requests (new employee accounts, password resets, logins from unfamiliar addresses)
Network Indicators:
- HTTP GET/POST requests to dpdfrance/ajax.php containing SQL syntax; note that POST bodies are not in standard access logs, so body inspection needs the WAF or a ModSecurity audit log
- Unexpected outbound connections from the web server or database host, which can indicate exfiltration of dumped data
SIEM Query:
source="web_logs" AND uri="*/modules/dpdfrance/ajax.php*" AND (query="*UNION*SELECT*" OR query="*SELECT*FROM*" OR query="*information_schema*" OR query="*SLEEP(*" OR query="*BENCHMARK(*" OR query="*'*OR*" OR query="*--*" OR query="*%27*")
Run this against the URL-decoded query string where your SIEM offers it; matching the raw string misses encoded payloads. Matching bare keywords such as SELECT alone produces false positives from legitimate parameter values, so prefer the structural pairs above.
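To show the log indicators and SIEM query above as running detection logic, here is an added example (not code from the page, the module, or the advisory) that scans Apache/nginx combined-format access log lines for injection attempts against the DPD France endpoint. It decodes the query string twice so double-encoded payloads are inspected, and it matches SQL structure rather than bare keywords. The sample log lines, the parameter names action and postcode, and the client addresses are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/nginx "combined" format: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

ENDPOINT = "/modules/dpdfrance/ajax.php"

# Structural markers of SQL injection; a lone "select" in a parameter value
# is not evidence, "UNION SELECT" or "SLEEP(" is.
SQLI_RE = re.compile(
    r"union\s+(?:all\s+)?select"                 # union-based extraction
    r"|\bselect\b.+?\bfrom\b"                     # inline SELECT ... FROM
    r"|information_schema"                       # schema enumeration
    r"|\b(?:sleep|benchmark)\s*\("               # time-based blind (MySQL)
    r"|'\s*(?:or|and)\s+\S+\s*=\s*\S+"            # quote followed by a tautology
    r"|--\s|/\*",                                 # comment terminators
    re.IGNORECASE,
)


def decode(value):
    """Decode twice so double-encoded payloads (%2527 -> %27 -> ') are inspected."""
    return unquote_plus(unquote_plus(value))


def inspect_line(line):
    """Return a finding for a suspicious request to the DPD France endpoint, else None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    path, _, query = match.group("target").partition("?")
    if ENDPOINT not in decode(path):
        return None
    decoded_query = decode(query)
    evidence = SQLI_RE.search(decoded_query)
    if not evidence:
        return None
    return {
        "ip": match.group("ip"),
        "time": match.group("ts"),
        "method": match.group("method"),
        "status": match.group("status"),
        "evidence": evidence.group(0),
        "query": decoded_query,
    }


def scan(lines):
    return [finding for finding in (inspect_line(line) for line in lines) if finding]


def by_source(findings):
    """Findings per client IP; one address hammering the endpoint is the usual sqlmap footprint."""
    return Counter(finding["ip"] for finding in findings)


# Constructed access log lines: one benign call, two injection attempts from the
# same client (URL-encoded UNION, double-encoded time-based probe), one benign
# request that happens to contain the word "select", one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Mar/2023:10:00:01 +0000] "GET /modules/dpdfrance/ajax.php?action=getRelays&postcode=75001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Mar/2023:10:02:13 +0000] "GET /modules/dpdfrance/ajax.php?action=getRelays&postcode=75001%27%20UNION%20SELECT%20email%2Cpasswd%20FROM%20ps_employee--%20- HTTP/1.1" 200 2048 "-" "sqlmap/1.7"',
    '198.51.100.23 - - [09/Mar/2023:10:02:15 +0000] "GET /modules/dpdfrance/ajax.php?action=getRelays&postcode=75001%2527%2BAND%2BSLEEP%25285%2529%2523 HTTP/1.1" 200 512 "-" "sqlmap/1.7"',
    '203.0.113.9 - - [09/Mar/2023:10:03:00 +0000] "GET /modules/dpdfrance/ajax.php?action=getRelays&postcode=75001&select=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [09/Mar/2023:10:04:00 +0000] "GET /index.php?controller=order HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ip"], finding["method"], finding["status"], repr(finding["evidence"]))
    print(dict(by_source(scan(SAMPLE_LOG))))
```

Feed real logs with scan(open("/var/log/nginx/access.log")). Only the query string is visible here; POST bodies to ajax.php are not in the access log, so pair this with the WAF's audit log for body inspection.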
🔗 References
- https://addons.prestashop.com/fr/transporteurs/19414-dpd-france.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/03/09/dpdfrance.html