CVE-2023-40923
📋 TL;DR
CVE-2023-40923 is a SQL injection vulnerability in the MyPrestaModules ordersexport module for PrestaShop. Attackers can run arbitrary SQL statements against the store database through the key and save_setting parameters of the module's send.php script. It affects PrestaShop stores running ordersexport versions before 5.0 and can lead to theft, modification or deletion of data.
💻 Affected Systems
- MyPrestaModules ordersexport module for PrestaShop
📦 What is this software?
ordersexport is a third-party PrestaShop add-on module from MyPrestaModules used to export store orders. The vulnerable code is the module's own script, modules/ordersexport/send.php, which is reachable as a plain HTTP endpoint on the shop.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop database, including sensitive customer data (personal information, any stored payment details) and back-office employee credentials, leading to administrative takeover. If the database account used by the shop can write files or the DBMS exposes command execution, the injection can escalate to server compromise.
Likely Case
Exfiltration of order and customer data, and harvesting of back-office credential hashes, from the PrestaShop database.
If Mitigated
If the module has been upgraded to 5.0 or later, or access to send.php is blocked, the injection cannot be reached. Residual exposure is limited to what the shop's database account could already do, so running the shop with a least-privilege database user further contains the damage.
🎯 Exploit Status
SQL injection vulnerabilities of this kind are routinely weaponized, and the public advisory names the vulnerable script and parameters, which is enough for standard injection tooling to be pointed at the endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.0 and later
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/11/09/ordersexport.html
Restart Required: No
Instructions:
1. Log into PrestaShop admin panel
2. Navigate to Modules > Module Manager
3. Find 'ordersexport' module
4. Click 'Upgrade' to version 5.0 or later
5. Verify that the version shown for the module is 5.0 or later
🔧 Temporary Workarounds
Disable vulnerable endpoint (Linux)
Temporarily take send.php out of the web root so the vulnerable code cannot be reached. Move it to a directory outside the document root rather than renaming it in place: a file such as send.php.disabled is no longer handled by PHP, and some web server configurations will serve it as plain text, leaking the module's source. This also disables the module's export function until the patched version is installed.
mv modules/ordersexport/send.php /var/backups/ordersexport-send.php
Web server block (all platforms)
Deny access to the endpoint in the web server configuration. With Nginx the rule must appear before the generic PHP handler (location ~ \.php$) so that it takes precedence; with Apache the directive below requires version 2.4 and goes in the virtual host.
# Apache (inside the virtual host)
<Location "/modules/ordersexport/send.php">
    Require all denied
</Location>
# Nginx (inside the server block, before the PHP location)
location ~ /modules/ordersexport/send\.php$ {
    deny all;
}
🧯 If You Can't Patch
- Implement WAF rules to block SQL injection patterns targeting send.php parameters
- Enable query logging on the database (general or audit log) and alert on queries touching tables the module has no reason to read, such as employee or customer tables, that originate from the shop's database user during requests to send.php
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > ordersexport
Check Version:
grep -m1 '\$this->version' modules/ordersexport/ordersexport.php
Verify Fix Applied:
Confirm that the module version is 5.0 or later, then test the send.php endpoint with SQL injection payloads against the key and save_setting parameters on a staging copy of the store, never in production.
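As an added example (not code from the page or the vendor), a small checker that reads the version string from ordersexport.php the way PrestaShop modules declare it ($this->version in the module constructor), compares it numerically against 5.0 so that a version such as 4.10 is not mistaken for a patched one, and reports whether send.php is still present on disk. The sample module source below is constructed for the self-check; on a real install, point check_module() at <shop>/modules/ordersexport.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (5, 0)  # first version without the injection, per the advisory

# PrestaShop modules declare their version in the constructor of
# modules/<name>/<name>.php as:  $this->version = '4.7';
VERSION_RE = re.compile(r"""\$this->version\s*=\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")


def parse_version(text):
    # Compare numerically: as strings '4.10' < '4.7', which would hide a vulnerable install.
    return tuple(int(part) for part in text.split("."))


def extract_module_version(php_source):
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None


def is_vulnerable(version_text):
    return parse_version(version_text) < FIXED_VERSION


def check_module(module_dir):
    """Inspect an on-disk module directory (e.g. <shop>/modules/ordersexport)."""
    module_dir = Path(module_dir)
    main_file = module_dir / "ordersexport.php"
    result = {
        "installed": main_file.is_file(),
        "version": None,
        "vulnerable": None,
        "send_php_present": (module_dir / "send.php").is_file(),
    }
    if not result["installed"]:
        return result
    version = extract_module_version(main_file.read_text(errors="replace"))
    result["version"] = version
    if version is not None:
        result["vulnerable"] = is_vulnerable(version)
    return result


# Constructed stand-ins for the module constructor, used only for the self-check below.
SAMPLE_OLD = (
    "<?php\nclass OrdersExport extends Module {\n"
    "  public function __construct() {\n"
    "    $this->name = 'ordersexport';\n"
    "    $this->version = '4.7';\n"
    "  }\n}\n"
)
SAMPLE_FIXED = SAMPLE_OLD.replace("'4.7'", "'5.0'")


def demo(php_source=SAMPLE_OLD, keep_send_php=True):
    """Write a fake module tree to a temp dir and run check_module() on it."""
    with tempfile.TemporaryDirectory() as tmp:
        mod = Path(tmp) / "modules" / "ordersexport"
        mod.mkdir(parents=True)
        (mod / "ordersexport.php").write_text(php_source)
        if keep_send_php:
            (mod / "send.php").write_text("<?php // placeholder\n")
        return check_module(mod)


if __name__ == "__main__":
    print(demo())                                   # vulnerable 4.7 with send.php in place
    print(demo(SAMPLE_FIXED, keep_send_php=False))  # patched 5.0, endpoint removed
```

The version PrestaShop recorded at install time also lives in the ps_module table (name and version columns, with your database prefix); if module files were ever replaced by hand, compare both sources rather than trusting either alone.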
📡 Detection & Monitoring
Log Indicators:
- Queries in the database log that read tables unrelated to order export (employee, customer, configuration tables), or that use SLEEP/BENCHMARK, UNION or information_schema
- HTTP 500 responses for send.php in the web server log, and matching SQL syntax errors in the PHP or MySQL error log, which indicate error-based probing of the parameters
Network Indicators:
- HTTP requests to /modules/ordersexport/send.php whose key or save_setting values contain SQL keywords, comment sequences or quote characters, especially repeated requests from one source with varying payloads
- Outbound connections from the database or web host to unexpected destinations (DNS or HTTP callbacks used for out-of-band exfiltration)
SIEM Query:
The following is written in Splunk syntax and assumes the CIM Web field names (uri_path, uri_query, src); adapt the field names to your SIEM. It only covers parameters sent in the query string, since POST bodies are not in the access log.
index=web uri_path="*/modules/ordersexport/send.php" (uri_query="*key=*" OR uri_query="*save_setting=*")
| regex uri_query="(?i)(union|select|sleep\(|benchmark\(|information_schema|--|%27|')"
| stats count by src, uri_query
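An added example, not from the original page: a log scanner that applies the indicators above to combined-format web server access logs. It parses each line, URL-decodes the key and save_setting values from requests to send.php and flags values containing SQL keywords, comment sequences, quote characters or a tautology such as OR 1=1, then counts attempts per source address. The log lines are constructed, with RFC 5737 documentation addresses. Like the SIEM query, it only sees parameters in the URL; if the module also accepts them via POST, the body is not in the access log and this check must run in the WAF or the application instead.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/modules/ordersexport/send.php"
VULN_PARAMS = ("key", "save_setting")

# Injection indicators, checked on the URL-decoded parameter value.
# A lone quote is a weaker indicator than a keyword; tune for your traffic.
SQLI_RE = re.compile(
    r"\b(union|select|insert|update|delete|sleep|benchmark|load_file)\b"
    r"|information_schema|--|/\*|'|\"|\bor\b\s+\S+\s*=\s*\S+",
    re.IGNORECASE,
)

# Constructed sample traffic (not real logs): lines 2, 3 and 5 are attack probes.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Nov/2023:10:12:01 +0000] "GET /modules/ordersexport/send.php?key=abc&save_setting=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Nov/2023:10:12:05 +0000] "GET /modules/ordersexport/send.php?key=abc'%20AND%20SLEEP(5)--%20&save_setting=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Nov/2023:10:12:09 +0000] "GET /modules/ordersexport/send.php?key=1%27%20UNION%20SELECT%20passwd%20FROM%20ps_employee--%20 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.4 - - [09/Nov/2023:10:13:00 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Nov/2023:10:13:02 +0000] "GET /modules/ordersexport/send.php?key=abc&save_setting=1%20OR%201%3D1 HTTP/1.1" 200 512 "-" "curl/8.0"
"""


def parse_line(line):
    """Return a dict with ip, ts, method, path, params, status, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes values
    rec["status"] = int(rec["status"])
    return rec


def is_injection_attempt(value):
    return SQLI_RE.search(value) is not None


def scan(log_text):
    """Flag requests to send.php whose key/save_setting values look like injection."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith(VULN_PATH):
            continue
        for name in VULN_PARAMS:
            for value in rec["params"].get(name, []):
                if is_injection_attempt(value):
                    hits.append({"ip": rec["ip"], "ts": rec["ts"],
                                 "status": rec["status"], "param": name, "value": value})
    return hits


def attempts_per_ip(hits):
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['ip']} status={h['status']} {h['param']}={h['value']!r}")
    print(attempts_per_ip(found))
```

A 500 status on a flagged request (the third sample line) is worth a higher severity: it usually means the injected SQL was executed and failed, confirming the parameter reaches the database.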