CVE-2023-26865
📋 TL;DR
This is a critical SQL injection vulnerability in the Bdroppy module for PrestaShop that allows remote attackers to execute arbitrary SQL commands. Attackers can gain administrative privileges on affected PrestaShop installations. All PrestaShop sites using Bdroppy version 2.2.12 or earlier are vulnerable.
💻 Affected Systems
- PrestaShop Bdroppy module
📦 What is this software?
Bdroppy by Brandsdistribution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop installation including database takeover, data theft, installation of backdoors, and full administrative control over the e-commerce platform.
Likely Case
Attackers gain administrative access to the PrestaShop backend, allowing them to modify products, steal customer data, inject malicious code, and potentially compromise the entire server.
If Mitigated
With proper input validation and parameterized queries, the vulnerability would be prevented entirely, maintaining normal system functionality.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized and this one has public technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.13 or later
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/04/20/bdroppy.html
Restart Required: No
Instructions:
1. Log into PrestaShop admin panel
2. Navigate to Modules > Module Manager
3. Find Bdroppy module
4. Update to version 2.2.13 or later
5. Clear PrestaShop cache
🔧 Temporary Workarounds
Disable Bdroppy module
Temporarily disable the vulnerable module until patching is possible
Navigate to PrestaShop admin > Modules > Module Manager > Bdroppy > Disable
Web Application Firewall (WAF) rules
Implement WAF rules to block SQL injection patterns targeting the BdroppyCronModuleFrontController
Configure WAF to block SQL injection patterns in requests to */modules/bdroppy/* endpoints
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in the BdroppyCronModuleFrontController::importProducts component
- Deploy a web application firewall with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check PrestaShop admin panel > Modules > Module Manager > Bdroppy version. If version is 2.2.12 or earlier, you are vulnerable.
Check Version:
Check the PrestaShop database (ps_ is the default table prefix; substitute your installation's prefix if it differs): SELECT version FROM ps_module WHERE name = 'bdroppy'
Verify Fix Applied:
Verify Bdroppy module version is 2.2.13 or later in PrestaShop admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by successful admin login
- Requests to /modules/bdroppy/controllers/front/cron with SQL syntax in parameters
Network Indicators:
- HTTP POST requests to Bdroppy cron endpoints containing SQL keywords (SELECT, UNION, etc.)
- Unusual traffic patterns to admin endpoints
SIEM Query:
source="web_logs" AND uri="/modules/bdroppy/*" AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*" OR query="*UPDATE*")
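The SIEM query above only catches keywords that appear literally in the logged URI. As an added example (not part of this advisory), the script below applies the same logic to constructed web-server access log lines in combined log format, but first percent-decodes (including double-encoded) query values so that a payload such as token=abc%27%20UNION%20SELECT%201 is still flagged. The /modules/bdroppy/ path prefix and the keyword list come from the Detection section; the log lines, IPs and parameter names are constructed samples.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample access log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Apr/2023:10:01:02 +0000] "GET /modules/bdroppy/controllers/front/cron?token=abc HTTP/1.1" 200 512 "-" "curl/7.88"
203.0.113.5 - - [20/Apr/2023:10:01:07 +0000] "GET /modules/bdroppy/controllers/front/cron?token=abc%27%20UNION%20SELECT%201 HTTP/1.1" 200 734 "-" "curl/7.88"
198.51.100.7 - - [20/Apr/2023:10:02:00 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Apr/2023:10:03:11 +0000] "POST /modules/bdroppy/controllers/front/cron HTTP/1.1" 200 300 "-" "python-requests/2.31"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Keywords from the advisory's SIEM query plus common SQL metacharacters.
SQL_TOKENS = re.compile(r"\b(select|union|insert|update|delete)\b|'|--|/\*", re.I)


def is_bdroppy_request(target):
    """True when the request path is under the vulnerable module's URL space."""
    return urlsplit(target).path.lower().startswith("/modules/bdroppy/")


def sql_injection_hits(target):
    """Return (param, decoded_value) pairs whose decoded value looks like SQL."""
    hits = []
    # parse_qsl already percent-decodes once; decode again to catch %2527-style double encoding.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if SQL_TOKENS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text):
    """Return one alert dict per Bdroppy request carrying SQL-looking parameters."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_bdroppy_request(m["target"]):
            continue
        hits = sql_injection_hits(m["target"])
        if hits:
            alerts.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"], "params": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Access logs do not record POST bodies, so the POST line in the sample produces no alert even though the advisory lists POST requests as an indicator; for those, inspect WAF or application-level request logs instead.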