CVE-2023-39526

9.1 CRITICAL

📋 TL;DR

This CVE allows attackers to execute arbitrary code on PrestaShop e-commerce platforms through SQL injection and arbitrary file write vulnerabilities in the back office. Attackers can gain full control of affected systems, potentially stealing customer data, modifying orders, or installing malware. All PrestaShop installations running vulnerable versions are affected.

💻 Affected Systems

Products:
  • PrestaShop
Versions: All releases before 1.7.8.10 (1.7 branch), 8.0.5 (8.0 branch) and 8.1.1 (8.1 branch)
Operating Systems: All operating systems running PrestaShop
Default Config Vulnerable: ⚠️ Yes
Notes: Requires back office access, but SQL injection can potentially bypass authentication. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, defacement, and lateral movement to other systems in the network.

🟠 Likely Case

Attackers gain administrative access to the PrestaShop back office, allowing them to steal customer PII and payment information, modify orders, and install backdoors.

🟢 If Mitigated

Limited impact if proper network segmentation, WAF rules, and access controls prevent exploitation attempts from reaching vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to the back office, but SQL injection could potentially bypass authentication. The CVSS score of 9.1 indicates high exploitability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.8.10, 8.0.5, or 8.1.1

Vendor Advisory: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc

Restart Required: No

Instructions:

1. Back up your PrestaShop installation and database.
2. Update to version 1.7.8.10, 8.0.5, or 8.1.1 depending on your current major version.
3. Verify the update completed successfully.
4. Clear any caches and test functionality.

🧯 If You Can't Patch

  • Restrict access to the PrestaShop back office using IP whitelisting and strong authentication
  • Implement a Web Application Firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check your PrestaShop version in the back office under Advanced Parameters > Information

Check Version:

Check the /app/config/parameters.php file or back office information page

Verify Fix Applied:

Verify version is 1.7.8.10, 8.0.5, or 8.1.1 in the back office information page
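The check above is easy to get wrong by hand when a fleet mixes 1.7, 8.0 and 8.1 installs, because each branch has its own fixed release. The following is an added example, not code from PrestaShop or from this advisory, that compares a version string against the three fixed releases listed here; where the version string comes from (the back office information page, a config file, an inventory export) is left to you, and the hostnames and versions in the demo are constructed.

```python
# Added example (not from the advisory page): classify an installed PrestaShop
# version against the fixed releases the advisory lists (1.7.8.10, 8.0.5, 8.1.1).
import re

# Fixed release per maintained branch, taken from the advisory card.
FIXED_BY_BRANCH = {
    (1, 7): (1, 7, 8, 10),
    (8, 0): (8, 0, 5),
    (8, 1): (8, 1, 1),
}
HIGHEST_FIXED = max(FIXED_BY_BRANCH.values())  # (8, 1, 1)


def parse_version(text):
    """Turn '8.0.4' or 'PrestaShop 1.7.8.9' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 2:
        raise ValueError(f"not a recognisable version string: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(a, b):
    """Right-pad the shorter tuple with zeros so 8.0.5 compares equal to 8.0.5.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_vulnerable(version):
    """True if the given version predates the fixed release for its branch.

    Branches without their own fix in the advisory (for example 1.6.x, which
    is older than every fixed release) are compared against the highest fixed
    release, so anything newer than 8.1.1 is treated as fixed.
    """
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2], HIGHEST_FIXED)
    v, fixed = _padded(v, fixed)
    return v < fixed


def triage(inventory):
    """Map hostname -> version string to hostname -> 'patch' / 'ok' / 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patch" if is_vulnerable(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed inventory for the demo; hostnames and versions are made up.
    sample = {
        "shop-a": "1.7.8.9",
        "shop-b": "8.0.5",
        "shop-c": "8.1.0",
        "shop-d": "1.6.1.24",
        "shop-e": "n/a",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Versions are compared as integer tuples rather than strings so that 1.7.8.10 sorts after 1.7.8.9; a naive string comparison would get that pair backwards.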

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Unexpected file write operations in system logs
  • Multiple failed login attempts to back office followed by successful access

Network Indicators:

  • Unusual traffic patterns to back office endpoints
  • SQL injection patterns in HTTP requests

SIEM Query:

source="prestashop_logs" AND (message="*sql*" OR message="*file_write*" OR (message="*backoffice*" AND status="success"))

(The inner parentheses scope the status="success" filter to the back office term; AND/OR precedence differs between SIEM query languages, so the grouping should be explicit.)
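The indicators listed above can be turned into concrete detections. The following added example, written for this page rather than taken from PrestaShop or the advisory, runs two toy detectors over constructed sample data: one flags requests to back office paths whose query string carries common SQL injection signatures (as a WAF rule would), the other flags a burst of failed back office logins followed by a success from the same IP. It assumes the back office lives under a renamed /admin*/ folder and that login outcomes are available as (timestamp, ip, outcome) events; both are placeholders for whatever your deployment actually logs.

```python
# Added example (not part of the advisory card): toy detectors for the log and
# network indicators listed on the page, run over constructed sample lines.
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Assumption: the back office is served from a renamed /admin*/ folder (placeholder).
BACKOFFICE = re.compile(r"^/admin[\w-]*/", re.I)
# Generic SQL injection signatures of the kind a WAF or SIEM rule carries.
SQLI = re.compile(
    r"(union\s+select|information_schema|sleep\s*\(|benchmark\s*\(|'\s*or\s+'?1'?\s*=\s*'?1)",
    re.I,
)
# Apache/nginx combined log format, only the fields we need.
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def sqli_to_backoffice(lines):
    """Return (ip, decoded path) for requests to back office paths carrying SQLi patterns."""
    hits = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the detector
        decoded = unquote(m.group("path"))  # decode %20 etc. before matching
        if BACKOFFICE.match(decoded) and SQLI.search(decoded):
            hits.append((m.group("ip"), decoded))
    return hits


def bruteforce_then_success(events, threshold=3, window_s=300):
    """events: iterable of (iso_timestamp, ip, outcome) with outcome 'fail' or 'success'.

    Alerts on an IP whose success follows at least `threshold` failures within
    `window_s` seconds; failures are forgotten once a success is seen.
    """
    fails = defaultdict(list)
    alerts = []
    for ts, ip, outcome in sorted(events):
        t = datetime.fromisoformat(ts)
        if outcome == "fail":
            fails[ip].append(t)
            continue
        recent = [f for f in fails[ip] if (t - f).total_seconds() <= window_s]
        if len(recent) >= threshold:
            alerts.append(ip)
        fails[ip].clear()
    return alerts


# Constructed sample data: IPs are documentation ranges, paths are made up.
SAMPLE_ACCESS = [
    '203.0.113.7 - - [10/Aug/2023:10:01:02 +0000] "GET /admin-dev/index.php?controller=AdminOrders&id_order=1%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Aug/2023:10:01:05 +0000] "GET /admin-dev/index.php?controller=AdminDashboard HTTP/1.1" 200 8123',
    '198.51.100.9 - - [10/Aug/2023:10:02:00 +0000] "GET /index.php?id_product=12 HTTP/1.1" 200 4000',
    '198.51.100.9 - - [10/Aug/2023:10:02:01 +0000] "GET /search?q=union%20select HTTP/1.1" 200 300',
    "this line is not an access log entry",
]
SAMPLE_AUTH = [
    ("2023-08-10T10:00:00", "203.0.113.7", "fail"),
    ("2023-08-10T10:00:10", "203.0.113.7", "fail"),
    ("2023-08-10T10:00:20", "203.0.113.7", "fail"),
    ("2023-08-10T10:00:40", "203.0.113.7", "success"),
    ("2023-08-10T10:05:00", "198.51.100.9", "fail"),
    ("2023-08-10T10:05:30", "198.51.100.9", "success"),
]

if __name__ == "__main__":
    for ip, path in sqli_to_backoffice(SAMPLE_ACCESS):
        print(f"SQLi pattern to back office from {ip}: {path}")
    for ip in bruteforce_then_success(SAMPLE_AUTH):
        print(f"failed-login burst followed by success from {ip}")
```

The front office search request in the sample carries the same token but is not flagged, which is the point of scoping the rule to back office paths: this vulnerability sits in the back office, and an unscoped rule would drown the signal in ordinary storefront noise.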
