CVE-2023-26858
📋 TL;DR
This CVE describes a critical SQL injection vulnerability in the PrestaShop FAQs module v3.1.6, allowing remote attackers to execute arbitrary SQL commands via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. Exploitation can lead to privilege escalation, data theft, or full system compromise. Users of PrestaShop with this specific module version are affected.
💻 Affected Systems
- PrestaShop FAQs module
⚠️ Risk & Real-World Impact
Worst Case
Full administrative takeover of the PrestaShop instance, leading to data exfiltration, site defacement, or deployment of malware.
Likely Case
Unauthorized access to sensitive database information, such as user credentials or payment data, and potential privilege escalation.
If Mitigated
Limited impact if SQL injection protections like input validation or WAFs are in place, but risk remains if the vulnerability is unpatched.
🎯 Exploit Status
SQL injection vulnerabilities are often easy to exploit with automated tools, but no public proof-of-concept has been confirmed for this specific CVE.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for updated version (likely v3.1.7 or higher)
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/03/28/faqs.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the FAQs module and update to the latest patched version.
4. Verify the update completes successfully.
🔧 Temporary Workarounds
Disable the FAQs module
Temporarily disable the vulnerable module to prevent exploitation until a patch is applied.
In PrestaShop admin, go to Modules > Module Manager, find FAQs module, and click Disable.
Implement WAF rules
Configure a web application firewall to block SQL injection attempts targeting the faqsBudgetModuleFrontController component.
Add custom WAF rule to detect and block SQL patterns in requests to /modules/faqs/controllers/front/displayAjaxGenerateBudget.
🧯 If You Can't Patch
- Restrict network access to the PrestaShop instance using firewalls to limit exposure to trusted IPs only.
- Monitor logs for unusual SQL queries or access attempts to the vulnerable component and implement alerting.
🔍 How to Verify
Check if Vulnerable:
Check the FAQs module version in PrestaShop admin under Modules > Module Manager; if it is 3.1.6, the installation is vulnerable.
Check Version:
In PrestaShop, navigate to Modules > Module Manager and view the version of the FAQs module.
Verify Fix Applied:
After updating, confirm the FAQs module version is no longer 3.1.6 and test the displayAjaxGenerateBudget endpoint for SQL injection attempts.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in PrestaShop logs, especially related to faqsBudgetModuleFrontController::displayAjaxGenerateBudget.
Network Indicators:
- HTTP requests containing SQL injection patterns (e.g., UNION SELECT, OR 1=1) targeting the vulnerable endpoint.
SIEM Query:
Example: search 'faqsBudgetModuleFrontController' AND ('SQL' OR 'error') in web server logs.
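The WAF-rule workaround and the log and network indicators above, as a worked example. This is an added Python script, not PrestaShop's or the FAQs module's code: it normalises request targets from constructed access-log lines (decoding twice so double-encoded payloads are not missed), scopes matching to requests that reach the FAQs budget controller, and applies the two signatures listed under Network Indicators. The controller path is the one given on this page; the `fc=module&module=faqs&controller=budget` query form is an assumption about PrestaShop's generic front-controller routing, and the log lines are constructed sample data.

```python
"""Detection and WAF-style screening for requests to the PrestaShop FAQs
budget controller named in CVE-2023-26858 (added example, not vendor code)."""
import re
from urllib.parse import unquote_plus

# Request targets that reach faqsBudgetModuleFrontController::displayAjaxGenerateBudget.
# The first is the path given in the advisory text; the query-string form is an
# assumption based on PrestaShop's generic front-controller routing.
ENDPOINT_PATTERNS = (
    re.compile(r"/modules/faqs/controllers/front/displayAjaxGenerateBudget", re.I),
    re.compile(r"module=faqs\b.*controller=budget\b", re.I),
)

# The two injection signatures listed under "Network Indicators". A production
# WAF rule set would be broader; this only demonstrates the mechanism.
SQLI_PATTERNS = re.compile(r"union\s+(?:all\s+)?select\b|\bor\s+1\s*=\s*1\b", re.I)

# Apache/Nginx common log format.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not taken from any real server.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [28/Mar/2023:10:15:02 +0000] "GET /modules/faqs/controllers/front/displayAjaxGenerateBudget?id_product=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Mar/2023:10:15:07 +0000] "GET /modules/faqs/controllers/front/displayAjaxGenerateBudget?id_product=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0',
    '203.0.113.9 - - [28/Mar/2023:10:15:09 +0000] "GET /index.php?fc=module&module=faqs&controller=budget&id_product=12%2520OR%25201%253D1 HTTP/1.1" 200 88',
    '198.51.100.4 - - [28/Mar/2023:10:16:00 +0000] "GET /index.php?controller=product&id_product=5 HTTP/1.1" 200 9031',
]


def decode_target(target: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_budget_endpoint(target: str) -> bool:
    """True if the decoded request target reaches the FAQs budget controller."""
    return any(p.search(target) for p in ENDPOINT_PATTERNS)


def has_sqli_pattern(text: str) -> bool:
    """True if the text carries one of the page's injection signatures."""
    return SQLI_PATTERNS.search(text) is not None


def waf_decision(target: str) -> str:
    """The 'Implement WAF rules' workaround as logic: block injection
    signatures aimed at the vulnerable endpoint, pass everything else."""
    decoded = decode_target(target)
    if is_budget_endpoint(decoded) and has_sqli_pattern(decoded):
        return "block"
    return "allow"


def scan_access_log(lines):
    """Return the endpoint hit count (a baseline for alert tuning) and the
    entries worth alerting on: endpoint requests carrying a signature."""
    hits, suspicious = 0, []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        decoded = decode_target(m["target"])
        if not is_budget_endpoint(decoded):
            continue
        hits += 1
        if has_sqli_pattern(decoded):
            suspicious.append({
                "line": lineno,
                "ip": m["ip"],
                "status": m["status"],
                "request": decoded,
            })
    return {"endpoint_requests": hits, "suspicious": suspicious}


if __name__ == "__main__":
    import json
    print(json.dumps(scan_access_log(SAMPLE_ACCESS_LOG), indent=2))
```

Scoping the match to the endpoint keeps the rule's false-positive rate low for a shop whose product searches legitimately contain words like "select"; the `endpoint_requests` count gives a baseline so an alert on `suspicious` entries can be judged against normal traffic to the controller.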
🔗 References
- https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/03/28/faqs.html