CVE-2023-26864
📋 TL;DR
This SQL injection vulnerability in PrestaShop's smplredirectionsmanager module allows remote attackers to execute arbitrary SQL commands. Attackers can gain administrative privileges, access or modify database content, or potentially achieve remote code execution. All PrestaShop installations using smplredirectionsmanager v1.1.19 or earlier are affected.
💻 Affected Systems
- PrestaShop smplredirectionsmanager module
📦 What is this software?
smplredirectionsmanager, a third-party PrestaShop module published by the Smplredirectionsmanager Project
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise including remote code execution, database exfiltration, and persistent backdoor installation
Likely Case
Administrative privilege escalation leading to data theft, website defacement, and e-commerce fraud
If Mitigated
Limited impact where strict input validation and restrictive database permissions are in place; potentially only data viewing
🎯 Exploit Status
The injection point is in the module's SmplTools::getMatchingRedirectionsFromParts method; exploitation requires minimal technical skill
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.1.20 or later
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/01/17/smplredirectionsmanager.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Search for 'smplredirectionsmanager'.
4. Click 'Upgrade' to v1.1.20 or later.
5. Clear the PrestaShop cache via Advanced Parameters > Performance.
🔧 Temporary Workarounds
Disable vulnerable module (Linux)
Temporarily disable the smplredirectionsmanager module until it is patched:
php /path/to/prestashop/bin/console prestashop:module disable smplredirectionsmanager
WAF rule implementation (all platforms)
Add SQL injection detection rules to the web application firewall:
Add a rule that detects SQL keywords in request parameters handled by SmplTools::getMatchingRedirectionsFromParts
🧯 If You Can't Patch
- Implement strict input validation for every parameter that reaches SmplTools::getMatchingRedirectionsFromParts
- Apply the principle of least privilege to the database user account used by PrestaShop
🔍 How to Verify
Check if Vulnerable:
Check the module version in the PrestaShop admin panel under Modules > Module Manager > smplredirectionsmanager
Check Version:
grep -rn 'version' /path/to/prestashop/modules/smplredirectionsmanager/
(The version is declared in the module's main PHP file and its config.xml; grepping for the module name and 'version' on the same line matches nothing, because they sit on different lines.)
Verify Fix Applied:
Confirm that the module version shown in the module details is v1.1.20 or higher
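The version check above is easy to get wrong when done by eye or by string comparison ('1.1.9' sorts after '1.1.19' as text). The following script is an added example, not code from the page or from the module: it extracts the version from the two places a PrestaShop module records it (the `$this->version` assignment in its main PHP file and the `<version>` element of config.xml), compares it numerically against the fixed release v1.1.20, and flags the case where the two sources disagree. The sample file contents are constructed for the example.

```python
from __future__ import annotations

import re

# First fixed release named in the advisory.
FIXED_VERSION = "1.1.20"

# Constructed sample of a PrestaShop module's main class file (not the real module).
SAMPLE_MODULE_PHP = """<?php
class Smplredirectionsmanager extends Module
{
    public function __construct()
    {
        $this->name = 'smplredirectionsmanager';
        $this->version = '1.1.19';
        parent::__construct();
    }
}
"""

# Constructed sample of the module's config.xml (not the real file).
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
    <name>smplredirectionsmanager</name>
    <version><![CDATA[1.1.19]]></version>
</module>
"""

# $this->version = '1.1.19';   (PHP source)
_PHP_VERSION_RE = re.compile(r"""\$this->version\s*=\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")
# <version><![CDATA[1.1.19]]></version>   (config.xml, CDATA optional)
_XML_VERSION_RE = re.compile(
    r"<version>\s*(?:<!\[CDATA\[)?\s*([0-9]+(?:\.[0-9]+)*)\s*(?:\]\]>)?\s*</version>"
)


def parse_version(text: str) -> str | None:
    """Return the version string found in module PHP source or config.xml, or None."""
    for pattern in (_PHP_VERSION_RE, _XML_VERSION_RE):
        m = pattern.search(text)
        if m:
            return m.group(1)
    return None


def version_tuple(version: str) -> tuple[int, ...]:
    """Split a dotted version into integers so 1.1.9 < 1.1.19 compares correctly
    (plain string comparison would rank '1.1.9' above '1.1.19')."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version: str) -> bool:
    """True if the module version is below the first fixed release (v1.1.20)."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def check_module(sources: list[str]) -> dict:
    """Parse every source text and report vulnerable / patched / unknown / inconsistent."""
    versions = [v for v in (parse_version(s) for s in sources) if v is not None]
    if not versions:
        return {"version": None, "status": "unknown"}
    if len(set(versions)) > 1:
        # PHP file and config.xml disagree (half-applied upgrade?): report both.
        return {"version": versions, "status": "inconsistent"}
    v = versions[0]
    return {"version": v, "status": "vulnerable" if is_vulnerable(v) else "patched"}


if __name__ == "__main__":
    # On a real install, read modules/smplredirectionsmanager/smplredirectionsmanager.php
    # and modules/smplredirectionsmanager/config.xml instead of the samples.
    print(check_module([SAMPLE_MODULE_PHP, SAMPLE_CONFIG_XML]))
```

Run it against the real files by reading the module's main PHP file and config.xml from the PrestaShop modules directory; an "inconsistent" result usually means the upgrade was only partly applied and the cache-clearing step should be repeated after re-upgrading.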
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from a single IP followed by admin access
- POST requests carrying SQL keywords in parameters handled by SmplTools::getMatchingRedirectionsFromParts
Network Indicators:
- HTTP requests containing SQL injection payloads in parameters
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND (url="*SmplTools*" OR url="*getMatchingRedirectionsFromParts*") AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*DELETE*")
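The SIEM query above and the WAF rule suggested under Temporary Workarounds both match SQL keywords in raw parameters, which misses percent-encoded payloads and flags unrelated URLs that happen to contain "select". The following is an added example, not code from the page or from the module: it runs the same indicator logic over constructed access-log lines, restricting the check to requests that reach the module and matching keywords only after URL-decoding each parameter value. The front-controller route (`fc=module&module=smplredirectionsmanager&controller=redirect`) and the `path` parameter are assumptions made for the sample; the page does not name the module's real URLs. The sample uses GET requests because the access log records the query string, whereas POST bodies are only visible to a WAF or application-level log.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# URL fragments identifying requests that reach the vulnerable module code.
# The advisory names the method, not the route, so this list is an assumption
# and should be tuned to the module's actual front-controller URLs.
WATCHED_URL_FRAGMENTS = ("smpltools", "getmatchingredirectionsfromparts", "smplredirectionsmanager")

# SQL keywords from the advisory's SIEM query, matched as whole words.
SQL_KEYWORD_RE = re.compile(r"\b(union|select|insert|delete)\b", re.IGNORECASE)

# Apache/nginx combined log format: ip ident user [ts] "method url proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log lines (RFC 5737 addresses, assumed route); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Jan/2023:10:01:02 +0000] "GET /index.php?fc=module&module=smplredirectionsmanager&controller=redirect&path=/old-page HTTP/1.1" 200 512
203.0.113.11 - - [17/Jan/2023:10:01:05 +0000] "GET /index.php?fc=module&module=smplredirectionsmanager&controller=redirect&path=/old'%20UNION%20SELECT%201,2 HTTP/1.1" 500 128
203.0.113.12 - - [17/Jan/2023:10:01:09 +0000] "GET /index.php?fc=module&module=smplredirectionsmanager&controller=redirect&path=%2Fx%27%20%55NION%20%53ELECT%201 HTTP/1.1" 500 128
203.0.113.13 - - [17/Jan/2023:10:01:12 +0000] "GET /en/select-your-delivery-option HTTP/1.1" 200 2048
203.0.113.14 - - [17/Jan/2023:10:01:15 +0000] "POST /index.php?fc=module&module=smplredirectionsmanager&controller=redirect HTTP/1.1" 302 0
"""


def parse_line(line: str) -> dict | None:
    """Split one combined-format log line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def targets_module(url: str) -> bool:
    """True if the request URL points at the watched module (case-insensitive)."""
    lowered = url.lower()
    return any(frag in lowered for frag in WATCHED_URL_FRAGMENTS)


def decoded_params(url: str) -> list[tuple[str, str]]:
    """Query parameters with percent-encoding removed; the extra unquote pass
    also undoes double encoding, so %2555NION and %55NION both become UNION."""
    query = urlsplit(url).query
    return [(k, unquote_plus(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def scan_log(text: str) -> list[dict]:
    """One alert per line that reaches the module and carries a SQL keyword in a decoded parameter."""
    alerts = []
    for line in text.splitlines():
        entry = parse_line(line)
        if not entry or not targets_module(entry["url"]):
            continue  # unrelated URL: /en/select-your-delivery-option is not an alert
        for name, value in decoded_params(entry["url"]):
            kw = SQL_KEYWORD_RE.search(value)
            if kw:
                alerts.append({
                    "ip": entry["ip"],
                    "param": name,
                    "keyword": kw.group(1).upper(),
                    "status": entry["status"],
                })
                break  # one alert per request is enough
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The same predicate (module route and keyword in the decoded value) is what the WAF rule from the workaround section should implement; matching on raw, still-encoded parameters is what lets the `%55NION` variant through. Correlating the flagged source IPs with the "failed logins followed by admin access" indicator covers the privilege-escalation path described under Risk & Real-World Impact.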