CVE-2023-30153

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the Payplug module for PrestaShop allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. This affects PrestaShop installations using Payplug module versions 3.6.0 through 3.7.1, potentially leading to data theft, manipulation, or complete system compromise.

💻 Affected Systems

Products:
  • PrestaShop Payplug module
Versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, 3.7.1
Operating Systems: All platforms running PrestaShop
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PrestaShop installations with the Payplug payment module installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including customer payment data, admin credentials, and full control over the PrestaShop installation leading to data breach and financial loss.

🟠 Likely Case: Data exfiltration of customer information, payment details, and administrative credentials leading to fraud and reputational damage.

🟢 If Mitigated: Limited impact with proper input validation and database permissions, potentially only affecting non-sensitive data.

🌐 Internet-Facing: HIGH - The ajax.php endpoint is typically internet-facing in PrestaShop installations, making exploitation trivial from anywhere.
🏢 Internal Only: LOW - The ajax.php endpoint is typically internet-facing rather than internal-only, so a purely internal exposure is the uncommon case.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via ajax.php requires no authentication, and a public proof-of-concept is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.7.2 or later

Vendor Advisory: https://security.friendsofpresta.org/module/2023/07/18/payplug.html

Restart Required: No

Instructions:

1. Log into PrestaShop admin panel
2. Navigate to Modules > Module Manager
3. Find Payplug module
4. Update to version 3.7.2 or later
5. Clear PrestaShop cache

🔧 Temporary Workarounds

Disable Payplug module (platform: all)

Temporarily disable the vulnerable Payplug module until it is patched.

Navigate to PrestaShop admin > Modules > Module Manager > Payplug > Disable

Restrict ajax.php access (platform: linux)

Block external access to the vulnerable ajax.php endpoint.

Add to .htaccess: Deny from all
Or configure the web server to block /modules/payplug/ajax.php

Note that a bare Deny from all in the store's root .htaccess blocks the entire site: place it in the module directory or scope it to ajax.php (on Apache 2.4 the equivalent directive is Require all denied), and expect the module's legitimate front-office calls to that endpoint to stop working, which is why disabling the module is the cleaner workaround.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with SQL injection rules
  • Monitor and block suspicious requests to the ajax.php endpoint

🔍 How to Verify

Check if Vulnerable:

Check Payplug module version in PrestaShop admin panel under Modules > Module Manager > Payplug

Check Version:

Check modules/payplug/README.md or the module's version metadata (PrestaShop modules record it in config.xml in the module directory)

Verify Fix Applied:

Confirm Payplug module version is 3.7.2 or later in admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests to /modules/payplug/ajax.php with SQL syntax

Network Indicators:

  • HTTP requests to ajax.php containing SQL keywords (SELECT, UNION, etc.)
  • Abnormal traffic patterns to payment module endpoints

SIEM Query:

http.url:"/modules/payplug/ajax.php" AND (http.query:*SELECT* OR http.query:*UNION* OR http.query:*OR*1=1*)
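To apply the same indicators to raw web-server access logs, here is an added Python example (not from the advisory or the Payplug project) that URL-decodes the query string before matching, so percent-encoded and plus-encoded payloads that the raw SIEM pattern would miss are still flagged; the log lines and parameter names in it are constructed.

```python
# Added example (not from the advisory): the page's SIEM logic applied to
# access-log lines, with URL decoding so encoded payloads are not missed.
import re
from urllib.parse import unquote_plus, urlsplit

# Combined log format: client, timestamp, "METHOD target HTTP/x", status, bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

VULN_PATH = "/modules/payplug/ajax.php"
# Same indicators the SIEM query uses: SELECT, UNION, or an OR 1=1 tautology.
SQLI_RE = re.compile(r"\bSELECT\b|\bUNION\b|\bOR\b\s*1\s*=\s*1", re.IGNORECASE)

def is_suspicious(target: str) -> bool:
    """True when the request targets ajax.php and its decoded query matches."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return False
    # unquote_plus turns %20 and + into spaces and decodes %27, %3D, etc.;
    # collapsing whitespace makes "OR 1 = 1" and "OR%091=1" look alike.
    decoded = " ".join(unquote_plus(parts.query).split())
    return bool(SQLI_RE.search(decoded))

def scan_log(lines):
    """Return (client, timestamp, decoded target) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        if is_suspicious(m["target"]):
            hits.append((m["client"], m["ts"], unquote_plus(m["target"])))
    return hits

# Constructed sample (parameter names are made up, not the advisory's): one
# benign call, two injection probes, and a decoy hitting a different path.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Jul/2023:10:01:02 +0000] "GET /modules/payplug/ajax.php?action=status&id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Jul/2023:10:01:09 +0000] "GET /modules/payplug/ajax.php?id=42%27%20UNION%20SELECT%201,2%2D%2D HTTP/1.1" 500 0',
    '203.0.113.9 - - [18/Jul/2023:10:01:15 +0000] "GET /modules/payplug/ajax.php?id=42+OR+1%3D1 HTTP/1.1" 200 9000',
    '192.0.2.5 - - [18/Jul/2023:10:02:00 +0000] "GET /search?q=union+select HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, ts, target in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} {target}")
```

The keyword list is deliberately narrow and will both miss other injection forms and occasionally flag legitimate text containing these words, so treat a hit as a trigger for inspection of the full request rather than proof of exploitation.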
