CVE-2023-31672
📋 TL;DR
This CVE describes a SQL injection vulnerability in the 'Length, weight or volume sell' (ailinear) module for PrestaShop versions before 2.4.3. Attackers can execute arbitrary SQL commands through the vulnerable module, potentially compromising the entire database. All PrestaShop installations using the affected ailinear module are vulnerable.
💻 Affected Systems
- PrestaShop with ailinear module
📦 What is this software?
Ailinear by Ai Dev
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data theft, modification, or deletion; potential remote code execution via database functions; full system takeover.
Likely Case
Database information disclosure including customer data, admin credentials, and sensitive business information; potential privilege escalation.
If Mitigated
Limited impact with proper input validation and parameterized queries; database access restricted to read-only operations.
🎯 Exploit Status
SQL injection vulnerabilities are commonly exploited; public advisory includes technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PrestaShop 2.4.3 or later
Vendor Advisory: https://friends-of-presta.github.io/security-advisories/modules/2023/06/15/ailinear.html
Restart Required: No
Instructions:
1. Update PrestaShop to version 2.4.3 or later.
2. Alternatively, update the ailinear module to a patched version if available.
3. Verify the module code uses parameterized queries.
🔧 Temporary Workarounds
Disable ailinear module
Temporarily disable the vulnerable module until patching is possible
Navigate to PrestaShop admin panel > Modules > Module Manager > Disable 'Length, weight or volume sell' module
Web Application Firewall (WAF)
Configure WAF rules to block SQL injection patterns targeting the ailinear module endpoints
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user inputs to the ailinear module
- Apply database-level controls: restrict database user permissions, enable query logging, and implement database firewall rules
🔍 How to Verify
Check if Vulnerable:
Check the PrestaShop version in the admin panel or via the database: SELECT value FROM ps_configuration WHERE name = 'PS_VERSION_DB'; also verify that the ailinear module is installed.
Check Version:
SELECT value FROM ps_configuration WHERE name = 'PS_VERSION_DB';
Verify Fix Applied:
Confirm PrestaShop version is 2.4.3 or later and review module code for parameterized queries instead of string concatenation.
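The code-review step above comes down to one question: does untrusted input reach the SQL string as text, or as a bound parameter? The following added example (not code from the ailinear module or PrestaShop; it uses a constructed SQLite table and a hypothetical product lookup) shows the two patterns side by side so a reviewer can see why only the parameterized form keeps the query structure fixed.

```python
import sqlite3

# Constructed sample data standing in for a shop's product table.
# This is NOT PrestaShop's real schema; it only serves the demonstration.
SAMPLE_PRODUCTS = [
    (1, "Cable per metre", 2.50),
    (2, "Rope per metre", 4.00),
    (3, "Chain per metre", 9.75),
]


def connect_sample_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product (id_product INTEGER PRIMARY KEY, name TEXT, unit_price REAL)"
    )
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def lookup_concatenated(conn, id_product):
    """Vulnerable pattern: request input is spliced straight into the SQL text.

    Anything the caller sends becomes part of the statement, so the WHERE
    clause is under the caller's control. A reviewer should flag this shape.
    """
    sql = "SELECT id_product, name FROM product WHERE id_product = " + str(id_product)
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, id_product):
    """Hardened pattern: the value is type-checked and passed as a bound parameter.

    The SQL text is a constant; the driver sends the value separately, so it can
    only ever be compared, never parsed as SQL. int() rejects non-numeric input
    outright (raises ValueError), which is the behaviour a reviewer wants to see
    for an identifier field.
    """
    sql = "SELECT id_product, name FROM product WHERE id_product = ?"
    return conn.execute(sql, (int(id_product),)).fetchall()


if __name__ == "__main__":
    db = connect_sample_db()
    print("legit id, concatenated  :", lookup_concatenated(db, 2))
    print("legit id, parameterized :", lookup_parameterized(db, 2))
    # A non-numeric value widens the concatenated query to every row;
    # the parameterized version refuses it before any SQL runs.
    print("bad input, concatenated :", lookup_concatenated(db, "2 OR 1=1"))
    try:
        lookup_parameterized(db, "2 OR 1=1")
    except ValueError as exc:
        print("bad input, parameterized: rejected ->", exc)
```

When reviewing PHP module code the same test applies: a query assembled with string concatenation or interpolation of request values is the pattern to reject, while values that are cast or bound before they reach the query engine are the pattern to look for.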
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts or SQL errors in web server logs
- Unexpected database connections from web server IP
Network Indicators:
- HTTP requests with SQL keywords (SELECT, UNION, etc.) to ailinear module endpoints
- Abnormal traffic patterns to database port from web server
SIEM Query:
source="web_logs" AND (uri="*ailinear*" AND (method="POST" OR method="GET") AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*"))
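The SIEM query above assumes the platform has already URL-decoded the request. When working from raw web server access logs that step has to be done explicitly, otherwise `UNION%20SELECT` never matches `*SELECT*`. The following added example (not part of the original advisory) implements the same three conditions over constructed combined-format log lines; the module path `/modules/ailinear/ajax.php` is an assumed placeholder, not a path taken from the advisory.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" format: client, ident, user, [timestamp], "METHOD target PROTO", status, bytes.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Same markers as the SIEM query on this page; compared case-insensitively after decoding.
SQL_MARKERS = ("SELECT", "UNION", "OR 1=1")


def parse_line(line):
    """Split one access-log line into fields, URL-decoding the query string."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # unquote_plus turns %20 / + into spaces and %3D into '=' so the markers match.
    rec["query"] = unquote_plus(parts.query)
    return rec


def is_suspicious(rec):
    """Apply the three conditions of the SIEM query to one parsed record."""
    if rec is None:
        return False
    if "ailinear" not in rec["path"].lower():
        return False
    if rec["method"] not in ("GET", "POST"):
        return False
    decoded = rec["query"].upper()
    return any(marker in decoded for marker in SQL_MARKERS)


def scan(lines):
    """Return the parsed records that match; callers can pivot on ip/ts from these."""
    return [rec for rec in map(parse_line, lines) if is_suspicious(rec)]


# Constructed sample lines (not real traffic). Addresses are from the documentation
# ranges; the ailinear endpoint path is an assumed placeholder.
SAMPLE_LOG = [
    '203.0.113.10 - - [15/Jun/2023:10:01:02 +0000] "GET /modules/ailinear/ajax.php?id_product=12 HTTP/1.1" 200 512',
    '203.0.113.10 - - [15/Jun/2023:10:01:09 +0000] "GET /modules/ailinear/ajax.php?id_product=12%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Jun/2023:10:02:30 +0000] "GET /modules/ailinear/ajax.php?id_product=12+OR+1%3D1 HTTP/1.1" 500 231',
    '198.51.100.7 - - [15/Jun/2023:10:03:00 +0000] "GET /index.php?controller=search&s=union HTTP/1.1" 200 9811',
    '192.0.2.44 - - [15/Jun/2023:10:04:00 +0000] "POST /modules/ailinear/ajax.php HTTP/1.1" 200 77',
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["path"]} status={hit["status"]} query={hit["query"]!r}')
```

Two caveats worth keeping in mind when tuning this. A search term such as `union` on a non-module URL is not flagged because the path condition is applied first, which is what keeps the rule from paging on ordinary catalogue searches. Conversely, the POST line is never matched even though it targets the module: access logs do not record request bodies, so POST-based injection is only visible with body logging at the WAF or application layer, which is also where the "SQL errors in web server logs" indicator above is best correlated.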