CVE-2023-30195
📋 TL;DR
This vulnerability allows unauthenticated attackers to download personal information in JSON format from PrestaShop stores using the vulnerable lgdetailedorder module. Any PrestaShop installation with this module version 1.1.20 or earlier is affected, potentially exposing customer data to unauthorized access.
💻 Affected Systems
- PrestaShop module 'Detailed Order' (lgdetailedorder) by Linea Grafica
📦 What is this software?
'Detailed Order' (lgdetailedorder) is a PrestaShop module by Linea Grafica.
⚠️ Risk & Real-World Impact
Worst Case
Mass exfiltration of all customer personal data including names, addresses, email addresses, and order details, leading to regulatory fines, reputational damage, and potential identity theft.
Likely Case
Unauthorized access to customer personal information by automated scanners or opportunistic attackers, resulting in data privacy violations and potential GDPR/CCPA compliance issues.
If Mitigated
Limited exposure if the module is disabled or access controls are implemented, but the underlying vulnerability remains present in the code.
🎯 Exploit Status
The advisory includes technical details that make exploitation straightforward. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.1.21 or later
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/06/22/lgdetailedorder.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'Detailed Order' module.
4. Update to version 1.1.21 or later.
5. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the lgdetailedorder module to prevent exploitation while planning a permanent fix.
Navigate to PrestaShop admin > Modules > Module Manager > Detailed Order > Disable
Implement web application firewall rules
Block requests to the vulnerable endpoint using WAF rules.
Block requests containing '/modules/lgdetailedorder/' path patterns. Be aware that this blocks all requests to the module's directory, including legitimate ones, so it is only suitable until the module is updated.
🧯 If You Can't Patch
- Disable the lgdetailedorder module immediately
- Implement network segmentation to restrict access to the PrestaShop admin interface
🔍 How to Verify
Check if Vulnerable:
Check the module version in the PrestaShop admin panel under Modules > Module Manager > Detailed Order. If the version is 1.1.20 or earlier, you are vulnerable.
Check Version:
Check PrestaShop admin panel: Modules > Module Manager > Detailed Order
Verify Fix Applied:
After updating, confirm module version shows 1.1.21 or later in the module manager. Test that personal data endpoints now require proper authentication.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /modules/lgdetailedorder/ endpoints
- JSON responses served to requests that carried no authentication
- Increased traffic to module-specific URLs
Network Indicators:
- HTTP GET requests to paths containing 'lgdetailedorder' returning JSON data
- Unusual outbound data transfers from PrestaShop server
SIEM Query:
source="web_server" AND uri="/modules/lgdetailedorder/*" AND response_code=200 AND user_agent NOT CONTAINS "bot"
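Added example, not from the advisory or the vendor: a small Python detector that applies the indicators above (GET under /modules/lgdetailedorder/, HTTP 200, non-bot user agent) to constructed Combined-Log-Format access-log lines and flags source IPs that pull the endpoint repeatedly. The log format, the example-endpoint.php file name and the IP addresses are assumptions; the advisory names only the module path.

```python
import re
from collections import Counter

# Assumption: Apache/nginx Combined Log Format. Only the fields the indicators need are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
MODULE_PATH = "/modules/lgdetailedorder/"      # path pattern named in the advisory
BOT_UA = re.compile(r"bot", re.IGNORECASE)     # mirrors the SIEM query's user-agent filter

# Constructed sample log lines (placeholder file name and documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jun/2023:10:00:01 +0000] "GET /modules/lgdetailedorder/example-endpoint.php HTTP/1.1" 200 842 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jun/2023:10:00:02 +0000] "GET /modules/lgdetailedorder/example-endpoint.php HTTP/1.1" 200 811 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jun/2023:10:00:03 +0000] "GET /modules/lgdetailedorder/example-endpoint.php HTTP/1.1" 200 790 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Jun/2023:10:01:00 +0000] "GET /modules/lgdetailedorder/example-endpoint.php HTTP/1.1" 200 842 "-" "Googlebot/2.1"',
    '198.51.100.9 - - [22/Jun/2023:10:02:00 +0000] "GET /index.php?id_product=3&controller=product HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [22/Jun/2023:10:03:00 +0000] "GET /modules/lgdetailedorder/example-endpoint.php HTTP/1.1" 403 199 "-" "curl/8.0"',
]

def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(rec):
    """Apply the page's indicators: GET under the module path, HTTP 200, non-bot user agent."""
    return (
        rec is not None
        and rec["method"] == "GET"
        and rec["uri"].startswith(MODULE_PATH)
        and rec["status"] == "200"
        and BOT_UA.search(rec["ua"]) is None
    )

def detect(lines, threshold=3):
    """Return matching records and the IPs that hit the endpoint at least `threshold` times."""
    hits = [r for r in map(parse_line, lines) if is_suspicious(r)]
    per_ip = Counter(r["ip"] for r in hits)
    bulk = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return hits, bulk

if __name__ == "__main__":
    hits, bulk = detect(SAMPLE_LOG)
    for r in hits:
        print(f"{r['ts']} {r['ip']} GET {r['uri']} -> {r['status']}")
    print("repeat offenders:", bulk)   # expected: {'203.0.113.7': 3}
```

The 403 line shows what a WAF block from the workaround above looks like in the log; the bot line shows why the user-agent filter alone is a weak signal and why the per-IP count matters.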