CVE-2023-30150

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the leocustomajax module in PrestaShop. It affects all websites running PrestaShop with leocustomajax versions 1.0 or 1.0.0 installed. Successful exploitation could lead to complete database compromise.

💻 Affected Systems

Products:
  • PrestaShop leocustomajax module
Versions: 1.0 and 1.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PrestaShop installations with the leocustomajax module enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database takeover, data exfiltration, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Database information disclosure, including customer data, orders, and administrative credentials.

🟢 If Mitigated

Limited impact with proper input validation and database user privilege restrictions.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is typically internet-accessible in PrestaShop installations.
🏢 Internal Only: LOW - This is primarily a web application vulnerability affecting internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection is well-understood and weaponized tools exist. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1

Vendor Advisory: https://friends-of-presta.github.io/security-advisories/module/2023/06/06/leocustomajax.html

Restart Required: No

Instructions:

1. Download leocustomajax version 1.0.1 from the official PrestaShop marketplace.
2. Replace the existing leocustomajax module files.
3. Clear the PrestaShop cache from the admin panel.

🔧 Temporary Workarounds

Disable leocustomajax module

Platform: all

Temporarily disable the vulnerable module until patching is possible.

Navigate to PrestaShop admin > Modules > Module Manager > leocustomajax > Disable

Block vulnerable endpoint

Platform: linux

Use a web application firewall or .htaccess to block access to the vulnerable file. Note that this also disables the module's AJAX functionality for legitimate visitors, so treat it as a stopgap until 1.0.1 is installed.

Add to the .htaccess file in /modules/leocustomajax/ (Apache 2.2 syntax; on Apache 2.4 replace the Order/Deny lines with "Require all denied"):

    <Files "leoajax.php">
        Order deny,allow
        Deny from all
    </Files>

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at the application level
  • Restrict database user permissions to minimum required operations

🔍 How to Verify

Check if Vulnerable:

Check whether /modules/leocustomajax/leoajax.php exists and, if so, inspect it for SQL queries built by concatenating request parameters rather than using parameterized queries.

Check Version:

Check module version in PrestaShop admin: Modules > Module Manager > leocustomajax

Verify Fix Applied:

Verify leocustomajax module version is 1.0.1 in PrestaShop admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests to /modules/leocustomajax/leoajax.php with SQL-like parameters

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/modules/leocustomajax/leoajax.php" AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*")

The keyword matches must be substring (wildcard) matches, not exact equality, and should be case-insensitive; URL-decode the query string before matching, since payloads commonly arrive percent-encoded (for example %20UNION%20SELECT).
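The log indicators above, as an added detector that is not part of the original advisory: it parses Apache combined-format access-log lines, URL-decodes the query string, and flags requests to /modules/leocustomajax/leoajax.php that carry SQL keywords, plus a per-IP request count for the "multiple requests" indicator. The log lines, IP addresses and the "id" parameter are constructed samples, not values from the page.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

VULN_PATH = "/modules/leocustomajax/leoajax.php"
# Apache "combined" access-log format; the request target is split into path/query below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Keywords named on the page plus a few common ones; tune to your false-positive budget.
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|update|delete|sleep)\b", re.I)

# Constructed sample lines (not real traffic); IPs and the "id" parameter are invented.
SAMPLE_LOGS = """\
203.0.113.7 - - [07/Jun/2023:10:12:01 +0000] "GET /modules/leocustomajax/leoajax.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2023:10:12:05 +0000] "GET /modules/leocustomajax/leoajax.php?id=12%27%20UNION%20SELECT%201--%20- HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.4 - - [07/Jun/2023:10:12:09 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2023:10:12:11 +0000] "POST /modules/leocustomajax/leoajax.php HTTP/1.1" 200 1024 "-" "curl/7.88"
"""

def parse_line(line):
    """Return a dict with ip/ts/method/path/query, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Decode twice so double-encoded payloads (%2527 -> %27 -> ') are still visible.
    query = unquote_plus(unquote_plus(parts.query))
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "path": parts.path, "query": query}

def find_suspicious(log_text):
    """(ip, timestamp, [keywords]) for endpoint requests whose query string holds SQL keywords.
    Only the URL is inspected: POST bodies never reach access logs, so cover them with WAF logs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH:
            continue
        keywords = sorted({k.upper() for k in SQL_KEYWORDS.findall(rec["query"])})
        if keywords:
            hits.append((rec["ip"], rec["ts"], keywords))
    return hits

def endpoint_requests_per_ip(log_text):
    """Request volume per source IP against the endpoint, for the 'multiple requests' indicator."""
    recs = (parse_line(l) for l in log_text.splitlines())
    return Counter(r["ip"] for r in recs if r is not None and r["path"] == VULN_PATH)
```

Feed real lines from the web server's access log into find_suspicious; hits name the source IP, timestamp and the keywords seen.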
