Login Sign Up

CVE-2023-34576

9.8 CRITICAL
SQL Injection

📋 TL;DR

This is a critical SQL injection vulnerability in the OpartFAQ module for PrestaShop that allows remote attackers to execute arbitrary SQL commands. Attackers can potentially read, modify, or delete database content, including sensitive customer data. All PrestaShop installations using the affected OpartFAQ module versions are vulnerable.

💻 Affected Systems

Products:
  • PrestaShop OpartFAQ module
Versions: through 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PrestaShop installations with the OpartFAQ module installed and enabled.

📦 What is this software?

Opartfaq by Opartfaq Project

View all CVEs affecting Opartfaq →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, or remote code execution via database functions.

🟠

Likely Case

Data exfiltration of customer information (names, emails, addresses), order history, and potentially administrative credentials stored in the database.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database user privilege restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. The description indicates remote attackers can exploit this, suggesting unauthenticated access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4 or later

Vendor Advisory: https://security.friendsofpresta.org/modules/2023/09/19/opartfaq.html

Restart Required: No

Instructions:

1. Log into PrestaShop admin panel. 2. Navigate to Modules > Module Manager. 3. Find OpartFAQ module. 4. Update to version 1.0.4 or later. 5. Clear PrestaShop cache.

🔧 Temporary Workarounds

Disable OpartFAQ module

all

Temporarily disable the vulnerable module until patching is possible

WAF rule for SQL injection

all

Implement web application firewall rules to block SQL injection patterns targeting updatepos.php

🧯 If You Can't Patch

  • Disable the OpartFAQ module immediately
  • Implement strict input validation and output encoding for all user inputs

🔍 How to Verify

Check if Vulnerable:

Check PrestaShop admin panel > Modules > Module Manager > OpartFAQ module version. If version is 1.0.3 or earlier, you are vulnerable.

Check Version:

Check via PrestaShop admin interface or examine modules/opartfaq/opartfaq.php file version header

Verify Fix Applied:

Verify OpartFAQ module version is 1.0.4 or later in PrestaShop admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests to updatepos.php with SQL-like patterns
  • Database error messages containing user input

Network Indicators:

  • HTTP POST requests to updatepos.php containing SQL keywords (SELECT, UNION, INSERT, etc.)
  • Unusual database connection patterns from web server

SIEM Query:

source="web_server_logs" AND uri="*updatepos.php*" AND (message="*SQL*" OR message="*syntax*" OR message="*union*" OR message="*select*")

📊 Metadata

CVE ID: CVE-2023-34576
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: September 21, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-34576, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)