CVE-2023-27845
📋 TL;DR
This SQL injection vulnerability in the Kerawen OCS module (lekerawen_ocs) for PrestaShop lets remote attackers inject arbitrary SQL through the module's KerawenHelper request handlers. The injected statements run with the shop's database credentials, so an attacker can read or modify any shop table, including the back-office employee accounts, and from there work toward administrative access and full compromise of the store. All PrestaShop installations running a vulnerable version of lekerawen_ocs are affected.
💻 Affected Systems
- PrestaShop lekerawen_ocs module
📦 What is this software?
Kerawen OCS (module identifier lekerawen_ocs) is a third-party module for the PrestaShop e-commerce platform, installed, upgraded and disabled through PrestaShop's Module Manager like any other module.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to steal customer data, modify orders, inject malicious code, and take full control of the e-commerce platform.
Likely Case
Privilege escalation leading to unauthorized administrative access, data theft, and potential financial fraud through order manipulation.
If Mitigated
Once the module is upgraded to the fixed version, or disabled, the injectable code is no longer reachable. Web application firewall rules only reduce exposure in the meantime: keyword signatures are routinely bypassed with encoding and SQL comment tricks, so treat them as a stopgap rather than a fix.
🎯 Exploit Status
SQL injection in a publicly documented module is routinely exploited with automated tools such as sqlmap once the injection point is known, and the vulnerable KerawenHelper methods are identified in the vendor advisory, so mass scanning for this module should be expected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.1
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/07/06/kerawen_ocs.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'Kerawen OCS' module.
4. Click 'Upgrade' to version 1.4.1 or later.
5. Alternatively, download the module from the Kerawen website and install it manually.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the Kerawen OCS module until patching is possible
Navigate to Modules > Module Manager in PrestaShop admin, find 'Kerawen OCS', click 'Disable'. Disabling switches the module off inside PrestaShop but leaves its files on disk; if you need certainty that none of its PHP entry points can be reached, also deny access to the /modules/lekerawen_ocs/ path at the web server or remove the module directory.
WAF rule implementation
Add SQL injection detection rules to the web application firewall
Add a rule that blocks requests to the vulnerable endpoints whose parameters contain SQL keywords such as UNION, SELECT, INSERT, DELETE, DROP or EXEC. Match case-insensitively on URL-decoded values, including the POST body, expect false positives on legitimate words such as 'selection' or 'delete', and remember that keyword blocklists are bypassable with comments and encoding tricks, so keep the rule in place only until the module is upgraded.
🧯 If You Can't Patch
- The injectable SQL lives in the module's own code, so shop-side input validation cannot fix it; only the vendor's patched version does. If you cannot upgrade, disable the module and deny access to the /modules/lekerawen_ocs/ path at the web server.
- Deploy a web application firewall with SQL injection protection in front of the shop and alert on every rule hit against the module, accepting that signature rules can be bypassed.
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > Kerawen OCS
Check Version:
Check the PrestaShop database, substituting your own table prefix if it is not ps_: SELECT name, version, active FROM ps_module WHERE name = 'lekerawen_ocs'; the version column is what PrestaShop recorded at install or upgrade time, and active = 0 means the module is installed but disabled. No row means the module is not installed, even if its files are present on disk.
Verify Fix Applied:
Confirm module version shows 1.4.1 or higher after upgrade
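As an added example (not code from the advisory or from Kerawen), the following Python script reads the module version from the module's config.xml, the per-module file PrestaShop writes in the layout shown, and compares it numerically against the fixed version stated on this page. The config.xml content is constructed for illustration, the path modules/lekerawen_ocs/config.xml is assumed, and the fixed version 1.4.1 is taken from this page rather than verified against the vendor.

```python
# Added example (not from the advisory or the module): decide from a
# lekerawen_ocs config.xml whether the installed version is at or above the
# fixed version named on this page. The XML below is a constructed sample in
# the layout PrestaShop uses for module config.xml files.
import re
import sys
import xml.etree.ElementTree as ET

FIXED_VERSION = "1.4.1"  # version stated on this page; confirm against the vendor advisory


def parse_version(text: str) -> tuple:
    """Turn '1.4.1' (or '1.4.1-beta') into a tuple of ints.

    Comparing raw strings gets ordering wrong: '1.10.0' < '1.4.1' lexically,
    while (1, 10, 0) > (1, 4, 1) as tuples.
    """
    core = text.strip().split("-", 1)[0]  # drop a pre-release suffix
    parts = tuple(int(p) for p in re.findall(r"\d+", core))
    if not parts:
        raise ValueError(f"unparseable version string: {text!r}")
    return parts


def module_version(config_xml) -> str:
    """Extract the <version> value from a module config.xml (str or bytes)."""
    if isinstance(config_xml, str):
        config_xml = config_xml.encode("utf-8")
    root = ET.fromstring(config_xml)
    if root.findtext("name") != "lekerawen_ocs":
        raise ValueError("not the lekerawen_ocs config.xml")
    version = root.findtext("version")
    if version is None:
        raise ValueError("config.xml has no <version> element")
    return version.strip()


def is_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is at or above the fixed version."""
    return parse_version(version) >= parse_version(fixed)


# Constructed sample: a vulnerable install, one minor version below the fix.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
	<name>lekerawen_ocs</name>
	<displayName><![CDATA[Kerawen OCS]]></displayName>
	<version><![CDATA[1.3.2]]></version>
	<description><![CDATA[Constructed sample for illustration]]></description>
	<author><![CDATA[Kerawen]]></author>
	<tab><![CDATA[administration]]></tab>
	<is_configurable>1</is_configurable>
	<need_instance>0</need_instance>
</module>
"""

if __name__ == "__main__":
    # Usage: python check_kerawen_version.py /var/www/shop/modules/lekerawen_ocs/config.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            xml_data = fh.read()
    else:
        xml_data = SAMPLE_CONFIG_XML
    installed = module_version(xml_data)
    verdict = "fixed" if is_fixed(installed) else f"VULNERABLE, upgrade to {FIXED_VERSION} or later"
    print(f"lekerawen_ocs {installed}: {verdict}")
```

Run it against the real config.xml under your shop's modules directory; the on-disk file and the ps_module row can disagree after a manual file copy, so check both before closing the finding.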
📡 Detection & Monitoring
Log Indicators:
- In the MySQL general or slow query log, if enabled, queries containing UNION, information_schema lookups, SLEEP() or BENCHMARK() calls, or SQL comment sequences arriving from the web application user
- Back-office (employee) logins from unfamiliar addresses or outside business hours shortly after suspicious module requests, which would fit an attacker using credentials or password hashes read from the ps_employee table
- Requests to the module's KerawenHelper endpoints whose URL-decoded parameters contain SQL keywords, quotes or comment sequences
Network Indicators:
- HTTP requests (GET or POST) carrying SQL injection payloads to the vulnerable endpoints; note that POST bodies are not written to a standard access log, so this indicator needs a WAF, reverse proxy or application log that records request bodies
- Unusual traffic patterns to admin interfaces
SIEM Query:
source="web_logs" AND (uri="*KerawenHelper*" OR uri="*lekerawen_ocs*") AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*DELETE*")
This query is illustrative pseudo-syntax, not a tested rule for any specific SIEM. Run it against URL-decoded parameter values and match case-insensitively; bare keyword matches on the raw URI miss %55NION-style encoding and fire on legitimate words such as 'selection'.
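The log indicators above, turned into a working triage script as an added example (not code from the advisory, from Kerawen or from any SIEM vendor). It parses combined-format access-log lines, keeps only requests touching the module, URL-decodes them twice, treats /**/ comments as the whitespace MySQL sees, and then applies a small set of named injection indicators, which is what the keyword-only SIEM query above cannot do. The log lines and the request path /modules/lekerawen_ocs/ajax.php are constructed for illustration; substitute the module paths your own server actually exposes.

```python
# Added example (not from the advisory or the module): triage web-server access
# logs for SQL-injection attempts aimed at the lekerawen_ocs module. The log
# lines and the path /modules/lekerawen_ocs/ajax.php are constructed for
# illustration; MODULE_RE matches on the module directory name and the
# KerawenHelper class name rather than on a fixed path.
import re
from urllib.parse import unquote_plus

# Combined/NCSA access-log line: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

MODULE_RE = re.compile(r"lekerawen_ocs|kerawenhelper", re.IGNORECASE)

# Indicators run on the decoded, comment-normalised request target, so that
# %55NION, %2527-style double encoding and /**/ in place of spaces are caught.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "tautology": re.compile(r"'\s*(?:or|and)\s+\S+\s*=\s*\S+", re.I),
    "stacked_query": re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I),
    "time_based": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
}


def normalize(target: str) -> str:
    """URL-decode twice (catches double encoding) and replace /**/ comments
    with a space, which is how MySQL itself treats them."""
    decoded = unquote_plus(unquote_plus(target))
    return re.sub(r"/\*.*?\*/", " ", decoded)


def classify(line: str):
    """Return a finding dict for a suspicious request to the module, else None."""
    m = LOG_LINE_RE.match(line)
    if not m:
        return None
    target = normalize(m.group("target"))
    if not MODULE_RE.search(target):
        return None  # not the module: 'select' in a search box is not our problem
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(target))
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "method": m.group("method"),
        "status": m.group("status"),
        "indicators": hits,
        "target": target,
    }


def scan(lines):
    """Run classify() over an iterable of log lines and keep the findings."""
    return [f for f in (classify(line) for line in lines) if f]


# Constructed sample log: two benign requests, four probes, one POST whose
# body (where a real payload would sit) is invisible to an access log.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jul/2023:10:02:13 +0000] "GET /modules/lekerawen_ocs/ajax.php?action=getCart&id_cart=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Jul/2023:10:02:20 +0000] "GET /index.php?controller=search&s=select+blue+shirt HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Jul/2023:10:05:41 +0000] "GET /modules/lekerawen_ocs/ajax.php?id_cart=1%27%20UNION%20SELECT%20passwd%20FROM%20ps_employee-- HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.23 - - [06/Jul/2023:10:05:42 +0000] "GET /modules/lekerawen_ocs/ajax.php?id_cart=1%27/**/OR/**/1%3D1-- HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [06/Jul/2023:10:05:43 +0000] "GET /modules/lekerawen_ocs/ajax.php?id_cart=1%2527%2520AND%2520sleep%25285%2529-- HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [06/Jul/2023:10:05:44 +0000] "GET /modules/lekerawen_ocs/ajax.php?id_cart=1;SELECT+table_name+FROM+information_schema.tables HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [06/Jul/2023:10:05:45 +0000] "POST /modules/lekerawen_ocs/ajax.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    # Usage: python kerawen_sqli_triage.py < /var/log/nginx/access.log
    import sys
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for f in scan(source):
        print(f"{f['time']} {f['ip']} {f['method']} {f['status']} "
              f"{','.join(f['indicators'])} {f['target']}")
```

The last sample line is the important caveat: a POST with the payload in its body produces no finding here, because access logs do not record bodies. For POST-based probes, feed the script a WAF or reverse-proxy log that includes the request body, or log bodies for the module path specifically while the exposure window is open.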