CVE-2023-45379
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the 'Rotator Img' module. Attackers can potentially steal sensitive data, modify database contents, or gain administrative access. All PrestaShop sites using vulnerable versions of the posrotatorimg module are affected.
💻 Affected Systems
- PrestaShop with posrotatorimg (Rotator Img) module
📦 What is this software?
Posrotatorimg by Posthemes
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, website defacement, backdoor installation, and full administrative control of the PrestaShop instance.
Likely Case
Data exfiltration of customer information, order details, and administrative credentials, potentially leading to further system compromise.
If Mitigated
Limited impact if proper input validation and parameterized queries are implemented, though some information disclosure may still occur.
🎯 Exploit Status
SQL injection vulnerabilities are commonly exploited with automated tools. The advisory's wording that a 'guest can perform' the attack indicates that no authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with module developer for patched version
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/10/17/posrotatorimg.html
Restart Required: No
Instructions:
1. Remove the posrotatorimg module from your PrestaShop installation.
2. Check for an updated version from the developer.
3. If no patch exists, permanently remove the module and find alternative functionality.
🔧 Temporary Workarounds
Module Disablement
Temporarily disable the vulnerable module to prevent exploitation
Navigate to PrestaShop admin panel > Modules > Module Manager > Find 'posrotatorimg' > Click Disable
WAF Rule Implementation
Add SQL injection detection rules to the web application firewall
Add rule to block SQL injection patterns in POST/GET parameters
🧯 If You Can't Patch
- Remove the posrotatorimg module completely from your PrestaShop installation
- Implement strict input validation and parameterized queries at application level
🔍 How to Verify
Check if Vulnerable:
Check whether the modules/posrotatorimg directory exists in your PrestaShop installation, and check the version shown in the module configuration
Check Version:
Check module version in PrestaShop admin panel under Modules > Module Manager > posrotatorimg
Verify Fix Applied:
Verify that the module is removed or updated to a version above 1.1, then test for SQL injection using safe testing methods
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from single IP
- Unexpected database errors in application logs
Network Indicators:
- SQL injection patterns in HTTP requests
- Unusual outbound database connections
- High volume of requests to module endpoints
SIEM Query:
source="web_logs" AND (url="*posrotatorimg*" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*"))
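A small log-scanning equivalent of the SIEM query above, added here as an example rather than taken from the advisory or the module: it parses common/combined-format access-log lines, keeps only requests under /modules/posrotatorimg/, URL-decodes the query string (the raw wildcard query would miss percent-encoded payloads) and flags the same UNION / SELECT / OR 1=1 indicators. The log lines and the `ajax.php` endpoint name in them are constructed placeholders, not known files of the module.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines; 'ajax.php' is a placeholder
# endpoint name, not a known file of the posrotatorimg module.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Oct/2023:10:01:02 +0000] "GET /modules/posrotatorimg/ajax.php?id_slide=3 HTTP/1.1" 200 512
203.0.113.10 - - [17/Oct/2023:10:01:05 +0000] "GET /modules/posrotatorimg/ajax.php?id_slide=3%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 812
198.51.100.7 - - [17/Oct/2023:10:02:11 +0000] "GET /index.php?controller=product&id_product=5 HTTP/1.1" 200 10240
203.0.113.10 - - [17/Oct/2023:10:02:40 +0000] "POST /modules/posrotatorimg/ajax.php?x=1'+OR+1%3D1-- HTTP/1.1" 500 0
"""

# Common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The same indicators as the SIEM query, as word-bounded regexes.
SQLI_PATTERNS = {
    "union": re.compile(r"\bunion\b", re.IGNORECASE),
    "select": re.compile(r"\bselect\b", re.IGNORECASE),
    "or_1_eq_1": re.compile(r"\bor\s+1\s*=\s*1\b", re.IGNORECASE),
}

MODULE_PATH = "/modules/posrotatorimg/"


def decode_query(target: str) -> str:
    """Return the query string decoded twice, so percent-encoded and
    double-encoded payloads are matched as plain text."""
    return unquote_plus(unquote_plus(urlsplit(target).query))


def scan_log(text: str) -> list[dict]:
    """Flag requests to the module whose decoded query carries an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or MODULE_PATH not in urlsplit(m["target"]).path.lower():
            continue
        query = decode_query(m["target"])
        found = sorted(n for n, p in SQLI_PATTERNS.items() if p.search(query))
        if found:
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "status": m["status"], "indicators": found,
                         "query": query})
    return hits
```

Feed real access logs through `scan_log` and pivot on `ip` and `status`; a burst of flagged requests from one client, or 500 responses on module endpoints, matches the network indicators listed above.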