CVE-2023-30200
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform path traversal attacks in the 'ultimateimagetool' PrestaShop module, enabling them to download sensitive personal information without authorization. It affects PrestaShop installations using the vulnerable module versions. Guest users can exploit this to access restricted files containing personal data.
💻 Affected Systems
- Advanced Plugins for PrestaShop - Image: WebP, Compress, Zoom, Lazy load, Alt & More (ultimateimagetool)
📦 What is this software?
Ultimateimagetool by Advancedplugins
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all personal information stored on the server, including customer data, configuration files, and sensitive system files, potentially leading to data breaches and regulatory violations.
Likely Case
Unauthorized access to customer personal information, order details, and potentially administrative credentials stored in configuration files.
If Mitigated
Limited exposure of non-sensitive files if proper file permissions and web server configurations restrict access to critical directories.
🎯 Exploit Status
The vulnerability is well-documented with public references showing the exact vulnerable code path. Attackers can craft simple HTTP requests to traverse directories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.03 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/07/20/ultimateimagetool.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Search for 'ultimateimagetool'.
4. Click 'Update' if available, or uninstall the module and install the latest version from the official marketplace.
5. Verify that the module version is 2.1.03 or higher.
🔧 Temporary Workarounds
Disable vulnerable module (all platforms)
Temporarily disable the ultimateimagetool module until it is patched:
UPDATE ps_module SET active = 0 WHERE name = 'ultimateimagetool';
Restrict file access via web server (Linux)
Configure the web server to block directory traversal attempts:
# Apache: Set AllowOverride None in vulnerable directories
# Nginx: Add 'location ~ \.\./ { deny all; }' to config
Caveat: nginx decodes and resolves ".." in $uri before location matching, so a location regex will not see the traversal sequence; match on $request_uri (the raw request line) or enforce the rule in a WAF instead. Neither setting corrects the module's own file handling, so treat this as defense in depth until the update is applied.
🧯 If You Can't Patch
- Disable the ultimateimagetool module completely
- Implement WAF rules to block path traversal patterns in requests
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > ultimateimagetool. If version is 2.1.02 or lower, you are vulnerable.
Check Version:
SELECT version FROM ps_module WHERE name = 'ultimateimagetool';
Verify Fix Applied:
Confirm module version is 2.1.03 or higher. Test by attempting path traversal requests to verify they are blocked.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or '..\' patterns to the ultimateimagetool endpoint
- Unusual file access patterns from guest users
- Failed attempts to access sensitive directories
Network Indicators:
- HTTP requests with encoded directory traversal sequences (%2e%2e%2f, ..%2f)
- Multiple sequential requests attempting to access different directory levels
SIEM Query:
source="web_access_logs" AND (uri="*ultimateimagetool*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*"))
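As an added example (not part of this advisory or the module's code), the following Python scanner applies the log indicators above to constructed access-log lines, percent-decoding the URI (including double encoding) before matching so that the %2e%2e%2f and ..%2f variants are caught alongside plain ../ and ..\; the module path, file names and client IPs are hypothetical.

```python
import re
from urllib.parse import unquote
# Constructed sample log lines; module path, file names and IPs are hypothetical, not the real endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2023:10:01:02 +0000] "GET /modules/ultimateimagetool/img.php?file=cat.png HTTP/1.1" 200 512
10.0.0.9 - - [20/Jul/2023:10:01:05 +0000] "GET /modules/ultimateimagetool/img.php?file=../../../secret.txt HTTP/1.1" 200 2048
10.0.0.9 - - [20/Jul/2023:10:01:07 +0000] "GET /modules/ultimateimagetool/img.php?file=%2e%2e%2f%2e%2e%2fhidden.txt HTTP/1.1" 200 1024
10.0.0.9 - - [20/Jul/2023:10:01:09 +0000] "GET /modules/ultimateimagetool/img.php?file=%252e%252e%252fhidden.txt HTTP/1.1" 404 0
10.0.0.9 - - [20/Jul/2023:10:01:11 +0000] "GET /modules/ultimateimagetool/img.php?file=..%5c..%5csecret.txt HTTP/1.1" 403 0
10.0.0.7 - - [20/Jul/2023:10:02:00 +0000] "GET /modules/othermodule/x.php?file=../../x HTTP/1.1" 200 10
"""

# Combined-log fields we need: client IP, timestamp, request URI, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<uri>\S+) \S+" (?P<status>\d{3})')
# "../", "..\" or a trailing ".." once the URI has been decoded.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\|\.\.$')
MODULE_MARK = "ultimateimagetool"

def normalize_uri(uri, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded %252e%252e%252f reads as ../."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def is_traversal_hit(uri):
    """True when the decoded request targets the module and carries a traversal sequence."""
    norm = normalize_uri(uri)
    if MODULE_MARK not in norm.lower():
        return False
    return TRAVERSAL_RE.search(norm) is not None

def scan_log(text):
    """One record per suspicious request; the status separates served (2xx) from blocked/missing."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_hit(m["uri"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "uri": m["uri"], "status": int(m["status"])})
    return hits

def hits_by_ip(hits):
    """Suspicious requests per client IP, for the 'multiple sequential requests' indicator."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts
```

A hit with a 2xx status on an unpatched install is the one to escalate; 403/404 hits show the request was attempted but not served.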
🔗 References
- https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247
- https://security.friendsofpresta.org/modules/2023/07/20/ultimateimagetool.html