CVE-2023-43980
📋 TL;DR
CVE-2023-43980 is a SQL injection vulnerability in Presto Changeo testsitecreator module for PrestaShop. Attackers can execute arbitrary SQL commands via the disable_json.php component, potentially compromising the database. This affects all users running testsitecreator version 1.1.1 or earlier.
💻 Affected Systems
- Presto Changeo testsitecreator module for PrestaShop
📦 What is this software?
Testsitecreator by Presto Changeo
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.
Likely Case
Database information disclosure, data manipulation, and potential authentication bypass leading to unauthorized access.
If Mitigated
Limited impact with proper input validation and parameterized queries in place, potentially only error messages exposed.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized and this one requires no authentication, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.1.2 or later
Vendor Advisory: https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html
Restart Required: No
Instructions:
1. Log into PrestaShop admin panel. 2. Navigate to Modules > Module Manager. 3. Find 'Test Site Creator' module. 4. Update to version 1.1.2 or later. 5. Clear PrestaShop cache.
🔧 Temporary Workarounds
Disable vulnerable module
allTemporarily disable the testsitecreator module to prevent exploitation
Navigate to PrestaShop admin > Modules > Module Manager > Test Site Creator > Disable
Block access to vulnerable endpoint
allUse web server configuration to block access to disable_json.php
Add to .htaccess: RewriteRule ^modules/testsitecreator/disable_json\.php$ - [F,L]
For nginx: location ~ /modules/testsitecreator/disable_json\.php$ { return 403; }
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SQL injection patterns targeting disable_json.php
- Restrict network access to the PrestaShop instance to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check PrestaShop admin panel > Modules > Module Manager > Test Site Creator for version number. If version is 1.1.1 or lower, you are vulnerable.Check Version:
Check PrestaShop database: SELECT version FROM ps_module WHERE name = 'testsitecreator'Verify Fix Applied:
After updating, verify module version shows 1.1.2 or higher in PrestaShop admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests to /modules/testsitecreator/disable_json.php with SQL-like parameters
- Database error messages containing SQL syntax
Network Indicators:
- HTTP POST requests to disable_json.php with SQL injection payloads
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/modules/testsitecreator/disable_json.php" AND (query="UNION" OR query="SELECT" OR query="INSERT" OR query="UPDATE" OR query="DELETE")🔗 References
- https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html
- https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html
- https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html
- https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html
