CVE-2023-27844
📋 TL;DR
This SQL injection vulnerability in the PrestaShop leurlrewrite module, v1.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the Dispatcher::getController component. Attackers can gain administrative privileges, read or modify database content, or potentially achieve remote code execution. All PrestaShop installations using the vulnerable leurlrewrite module are affected.
💻 Affected Systems
- PrestaShop leurlrewrite module (v1.0 and earlier)
📦 What is this software?
leurlrewrite, a PrestaShop module by Litextension
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop installation including administrative access, database exfiltration/modification, and potential remote code execution leading to full system takeover.
Likely Case
Administrative privilege escalation allowing attackers to modify store content, access customer data, and install malicious modules.
If Mitigated
Limited impact if proper input validation and prepared statements are implemented, though SQL injection attempts may still cause service disruption.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The CVSS 9.8 score indicates trivial exploitation with high impact.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.0.1 or later
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/04/13/leurlrewrite.html
Restart Required: No
Instructions:
1. Remove the vulnerable leurlrewrite module from your PrestaShop installation.
2. Install the patched version v1.0.1 or later from a trusted source.
3. Verify the module is properly updated in PrestaShop's module manager.
🔧 Temporary Workarounds
Disable leurlrewrite module
Temporarily disable the vulnerable module to prevent exploitation while planning the permanent fix.
Navigate to PrestaShop admin panel > Modules > Module Manager > Find leurlrewrite > Disable
Web Application Firewall (WAF) rules
Implement WAF rules to block SQL injection patterns targeting the Dispatcher::getController component.
Configure WAF to block requests containing SQL injection patterns in URL parameters
🧯 If You Can't Patch
- Remove the leurlrewrite module completely from your PrestaShop installation
- Implement strict input validation and parameterized queries at the application level
🔍 How to Verify
Check if Vulnerable:
Check PrestaShop admin panel > Modules > Module Manager for the leurlrewrite module version. If the version is 1.0 or earlier, you are vulnerable.
Check Version:
Check via PrestaShop admin interface: Modules > Module Manager > leurlrewrite details
Verify Fix Applied:
Verify leurlrewrite module is either removed or updated to version 1.0.1 or later in the module manager.
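For operators who manage several shops from the command line, the three checks above can be scripted. The following is an added example, not code from PrestaShop, Litextension or the advisory. It assumes the standard PrestaShop module layout in which each installed module ships a `modules/<name>/config.xml` whose `<name>` and `<version>` elements give the module name and version (an assumption about the layout, not something the advisory states), and it applies the page's threshold: 1.0 or earlier is vulnerable, 1.0.1 or later is fixed. The sample config.xml below is constructed for the example.

```python
"""Audit a PrestaShop tree for a vulnerable leurlrewrite install (CVE-2023-27844).

Added example; not part of PrestaShop or the leurlrewrite module. Assumes the
usual modules/<name>/config.xml layout with <name> and <version> elements.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# First fixed version according to the advisory: v1.0.1 or later.
FIXED_VERSION = (1, 0, 1)
MODULE_NAME = "leurlrewrite"

# Constructed sample of the config.xml shape this script expects.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
    <name>leurlrewrite</name>
    <displayName><![CDATA[LE URL Rewrite]]></displayName>
    <version><![CDATA[1.0]]></version>
    <author><![CDATA[Litextension]]></author>
</module>
"""


def parse_version(text: str) -> tuple:
    """Turn '1.0', 'v1.0.1' or '1.0-beta' into a comparable numeric tuple.

    Missing components are padded with zeros so that '1.0' == '1.0.0' and
    compares below '1.0.1'; a non-numeric suffix ends the parse.
    """
    parts = []
    for piece in re.split(r"[.\-]", text.strip().lstrip("vV")):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is below the first fixed release."""
    return parse_version(version) < FIXED_VERSION


def module_identity(config_xml: str) -> tuple:
    """Return (name, version) from a module config.xml; CDATA is read as text."""
    root = ET.fromstring(config_xml)
    return root.findtext("name"), root.findtext("version")


def audit_modules_dir(modules_dir: str) -> list:
    """Walk modules/*/config.xml and list vulnerable leurlrewrite installs.

    Returns [(module_path, version), ...]; an empty list means the module is
    absent or already at 1.0.1 or later, which is the 'Verify Fix Applied' state.
    """
    findings = []
    for cfg in Path(modules_dir).glob("*/config.xml"):
        try:
            name, version = module_identity(cfg.read_text(encoding="utf-8"))
        except ET.ParseError:
            continue  # a damaged config.xml is a separate problem; skip it
        if name == MODULE_NAME and version and is_vulnerable(version):
            findings.append((str(cfg.parent), version))
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "modules"
    for path, ver in audit_modules_dir(target):
        print(f"VULNERABLE: {path} (leurlrewrite {ver}, fixed in 1.0.1)")
```

Run it against the shop's `modules/` directory; no output means nothing to do. The numeric tuple comparison is what makes the check safe across spellings such as `1.0`, `v1.0` and `1.0.0`, which a plain string comparison would get wrong.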
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by successful admin login
- Requests with SQL keywords in URL parameters
Network Indicators:
- HTTP requests containing SQL injection payloads targeting URL parameters
- Unusual traffic patterns to admin endpoints
SIEM Query:
(web.url:*sql* OR web.url:*union* OR web.url:*select*) AND web.url:*controller* AND (destination.port:80 OR destination.port:443)
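The SIEM query above keys on bare keywords and will match ordinary searches containing the word "select". The script below, an added example that is not part of the advisory or of PrestaShop, shows the "SQL keywords in URL parameters" indicator applied to web-server access logs with two refinements a practitioner usually wants: nested percent-encoding is undone before matching, and a request is reported only when at least two indicator classes (keyword, quote, comment, tautology) coincide, or a tautology is present. It assumes the Combined Log Format that Apache and nginx write by default; the four log lines are constructed for the example, and the choice to rank hits on the `controller` parameter highest follows the page's own query, which filters on that string.

```python
"""Flag SQL-injection attempts in URL parameters from access-log lines.

Added example for the Detection & Monitoring section; not code from the
advisory, PrestaShop or the leurlrewrite module. Log lines are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined Log Format (Apache/nginx default): ip ident user [ts] "req" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicator classes. A lone keyword ("select your favorite") is normal English,
# so a parameter is reported only with two or more classes, or a tautology.
INDICATORS = {
    "keyword": re.compile(
        r"(?i)\b(union|select|insert|update|delete|drop|sleep|benchmark|information_schema)\b"
    ),
    "quote": re.compile(r"['\"]"),
    "comment": re.compile(r"--|/\*|#"),
    "tautology": re.compile(r"(?i)\b(or|and)\b\s*['\"]?\w*['\"]?\s*=\s*['\"]?\w+"),
}

# Constructed sample: benign request, controller-parameter attack, an English
# search containing "select", and a double-encoded tautology on another parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Apr/2023:10:00:01 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [13/Apr/2023:10:00:02 +0000] "GET /index.php?controller=product%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 120',
    '198.51.100.9 - - [13/Apr/2023:10:00:03 +0000] "GET /search?q=select%2520your%2520favorite HTTP/1.1" 200 900',
    '198.51.100.9 - - [13/Apr/2023:10:00:04 +0000] "GET /index.php?id_product=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 4100',
]


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding (%2527 -> %27 -> ') up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str) -> set:
    """Return the set of indicator classes present in a decoded parameter value."""
    return {name for name, rx in INDICATORS.items() if rx.search(value)}


def scan_line(line: str):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    # parse_qsl removes one layer of encoding; fully_decode handles the rest.
    params = [(k, fully_decode(v)) for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    hits = {}
    for key, value in params:
        classes = classify(value)
        if len(classes) >= 2 or "tautology" in classes:
            hits[key] = sorted(classes)
    if not hits:
        return None
    # The page's SIEM query filters on 'controller'; a hit there ranks highest.
    severity = "high" if "controller" in hits else "medium"
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
            "url": url, "params": hits, "severity": severity}


def scan_lines(lines) -> list:
    """Scan an iterable of log lines and return all findings in log order."""
    return [f for f in (scan_line(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(f"[{finding['severity']}] {finding['ip']} {finding['ts']} "
              f"status={finding['status']} params={finding['params']}")
```

Feed it real logs with `scan_lines(open("access.log"))`. Access logs only carry the query string, so payloads sent in a POST body are invisible to this check; for those, the WAF or application-level logging in the workarounds section is the right control. The two-class rule is a deliberate trade-off: it silences English-language false positives at the cost of missing a payload that uses only a bare keyword, which is why a tautology on its own still reports.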
🔗 References
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/13/leurlrewrite.html
- https://litextension.com/migration-services/seo-urls-migrations.html#page%232