CVE-2023-45899
📋 TL;DR
An authentication bypass in idnovate's SuperUser module for PrestaShop (versions before 2.4.2) lets an unauthenticated attacker obtain administrative access. Exploitation is a single crafted HTTP request to the module's setuser front controller (the SuperUserSetuserModuleFrontController class), with no valid credentials required. Every PrestaShop installation running an affected version of the module is at risk.
💻 Affected Systems
- idnovate SuperUser module for PrestaShop, versions before 2.4.2 (fixed in 2.4.2)
📦 What is this software?
Superuser by Idnovate
⚠️ Risk & Real-World Impact
Worst Case
Full administrative takeover of the PrestaShop instance, allowing attackers to modify content, steal customer data, install backdoors, or disrupt operations.
Likely Case
Unauthorized administrative access leading to data theft, website defacement, or installation of malicious code.
If Mitigated
With the module disabled (or its front controller blocked at the WAF) and the admin interface reachable only from trusted networks, exposure is limited. Note that the vulnerable endpoint is a storefront module front controller, so restricting the admin path alone does not stop the bypass request itself; it only limits what an attacker can do with the access obtained. The bypass remains a critical finding until the module is updated.
🎯 Exploit Status
Exploitation needs only a crafted HTTP request to the module front controller and no prior authentication, so it is straightforward to carry out.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.4.2
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/10/26/superuser.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the SuperUser module.
4. Update to version 2.4.2 or later.
5. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Disable SuperUser Module
Temporarily disable the vulnerable module until patching is possible
Navigate to Modules > Module Manager in PrestaShop admin, find SuperUser, click Disable
Restrict Access via Web Application Firewall
Block requests to the vulnerable endpoint
Add a WAF rule that blocks requests dispatching the module's setuser front controller. Note that 'SuperUserSetuserModuleFrontController' is a PHP class name and never appears in the URL; a rule matching on it blocks nothing. PrestaShop reaches module front controllers via index.php?fc=module&module=superuser&controller=setuser or, with friendly URLs enabled, /module/superuser/setuser (possibly behind a language prefix such as /en/). The technical module name 'superuser' is assumed here; confirm it in Module Manager or under the modules/ directory before writing the rule.
🧯 If You Can't Patch
- Restrict network access to the PrestaShop admin interface to trusted addresses; this does not stop the bypass request itself (the vulnerable endpoint is a storefront module front controller), but it limits what an attacker can do with any admin access obtained
- Enable detailed logging and monitoring for authentication bypass attempts and unusual admin activity
🔍 How to Verify
Check if Vulnerable:
Check SuperUser module version in PrestaShop admin panel under Modules > Module Manager
Check Version:
Check the version shown in the admin panel, or inspect the module files on disk: PrestaShop modules carry their version in modules/<name>/config.xml (the <version> element) and in the main module file, which sets $this->version in its constructor (assuming the module directory is modules/superuser). If the two disagree, for example after a file-level update with a stale cache, treat the lower value as the installed version.
Verify Fix Applied:
Confirm SuperUser module version is 2.4.2 or higher in module manager
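The version check above, as an added example (not code from the advisory or from idnovate's module). It reads the two places a PrestaShop module records its version, config.xml and the main module file, and flags anything below 2.4.2. The directory name modules/superuser and the file name superuser.php are assumptions; adjust them to the technical name shown in Module Manager. The sample module directory it builds is constructed for the demo.

```python
"""Check whether an installed SuperUser module predates the fixed release 2.4.2.

Added example, not part of the advisory or of the module. Assumptions: the module
lives in modules/superuser and its main file is superuser.php (both named after the
module's technical name).
"""
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "2.4.2"


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.10.0' -> (2, 10, 0): compare numerically, so 2.10 is newer than 2.4."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def version_from_config_xml(text: str) -> Optional[str]:
    """PrestaShop module config.xml carries <version><![CDATA[x.y.z]]></version>."""
    m = re.search(
        r"<version>\s*(?:<!\[CDATA\[)?\s*([\d.]+)\s*(?:\]\]>)?\s*</version>", text
    )
    return m.group(1) if m else None


def version_from_module_php(text: str) -> Optional[str]:
    """The module class sets $this->version = 'x.y.z' in its constructor."""
    m = re.search(r"\$this->version\s*=\s*['\"]([\d.]+)['\"]", text)
    return m.group(1) if m else None


def check_module_dir(module_dir: Path) -> dict:
    """Read both version sources and flag the install if either is below the fix."""
    result = {"config_xml": None, "module_php": None, "vulnerable": None}
    cfg = module_dir / "config.xml"
    php = module_dir / "superuser.php"  # assumption: main file named after the module
    if cfg.is_file():
        result["config_xml"] = version_from_config_xml(
            cfg.read_text(encoding="utf-8", errors="replace")
        )
    if php.is_file():
        result["module_php"] = version_from_module_php(
            php.read_text(encoding="utf-8", errors="replace")
        )
    found = [v for v in (result["config_xml"], result["module_php"]) if v]
    if found:
        # If the files disagree (e.g. stale cache after a file-level update),
        # the lower value decides: any source below the fix means vulnerable.
        result["vulnerable"] = any(is_vulnerable(v) for v in found)
    return result


def demo() -> dict:
    """Build a constructed pre-fix module directory and check it."""
    mod = Path(tempfile.mkdtemp()) / "modules" / "superuser"
    mod.mkdir(parents=True)
    (mod / "config.xml").write_text(
        '<?xml version="1.0" encoding="UTF-8" ?>\n<module>\n'
        "  <name><![CDATA[superuser]]></name>\n"
        "  <version><![CDATA[2.4.1]]></version>\n</module>\n",
        encoding="utf-8",
    )
    (mod / "superuser.php").write_text(
        "<?php\nclass SuperUser extends Module {\n"
        "    public function __construct() {\n"
        "        $this->name = 'superuser';\n"
        "        $this->version = '2.4.1';\n    }\n}\n",
        encoding="utf-8",
    )
    return check_module_dir(mod)


if __name__ == "__main__":
    print(demo())
```

Point check_module_dir at the real modules/superuser directory of the shop to run it against a live install; a result with vulnerable set to True means the update in the fix section has not been applied (or the files were not replaced).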
📡 Detection & Monitoring
Log Indicators:
- HTTP requests that dispatch the SuperUserSetuserModuleFrontController, i.e. index.php?fc=module&module=superuser&controller=setuser or /module/superuser/setuser with friendly URLs (the PHP class name itself never appears in the URL; the technical module name 'superuser' is assumed), especially with unexpected parameters or from clients with no prior admin activity
- Multiple failed authentication attempts followed by successful admin login from same IP
- Admin logins from unexpected IP addresses or user agents
Network Indicators:
- HTTP POST/GET requests to SuperUser-related endpoints with crafted parameters
- Unusual traffic patterns to admin login pages
SIEM Query:
((web.url:*module=superuser* AND web.url:*controller=setuser*) OR web.url:*/module/superuser/setuser*) AND (http.method:POST OR http.method:GET)
Note: a query on *SuperUserSetuserModuleFrontController* matches nothing, because that is the PHP class name, not part of the request URL. The module name 'superuser' is assumed; check it against the module directory name on the affected shop.
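The URL matching that both the WAF workaround and the detection section depend on, as an added example (not code from the advisory or from idnovate). It parses combined-format web-server access log lines and returns every request that dispatches the module's setuser front controller in either of PrestaShop's URL forms, then counts hits per client address for the "same IP" pattern listed under log indicators. The module name 'superuser' and controller name 'setuser' are assumptions derived from the class name SuperUserSetuserModuleFrontController; the log lines are constructed for the demo, not real traffic.

```python
"""Find requests to the SuperUser setuser front controller in access logs.

Added example, not from the advisory or the module vendor. Assumptions: the
module's technical name is 'superuser' and the controller is 'setuser', as the
class name SuperUserSetuserModuleFrontController suggests.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

MODULE = "superuser"
CONTROLLER = "setuser"

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Friendly-URL form, allowing a language prefix such as /en/ in front.
FRIENDLY_RE = re.compile(rf"(^|/)module/{MODULE}/{CONTROLLER}(/|$)")


def targets_setuser(target: str) -> bool:
    """True for both dispatch forms of the module front controller.

    Legacy:   /index.php?fc=module&module=superuser&controller=setuser
    Friendly: /module/superuser/setuser (optionally behind /<lang>/)
    Matching is case-insensitive on purpose: an extra line to review is
    cheaper than a missed hit.
    """
    parts = urlsplit(target)
    query = {
        k.lower(): [x.lower() for x in v]
        for k, v in parse_qs(parts.query).items()
    }
    legacy = (
        "module" in query.get("fc", [])
        and MODULE in query.get("module", [])
        and CONTROLLER in query.get("controller", [])
    )
    friendly = FRIENDLY_RE.search(parts.path.lower()) is not None
    return legacy or friendly


def find_setuser_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed fields of every log line hitting the controller."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue  # malformed or non-combined line: skip, do not abort the run
        if targets_setuser(m.group("target")):
            hits.append({k: m.group(k) for k in ("ip", "ts", "method", "target", "status", "ua")})
    return hits


def ips_by_hits(hits: List[Dict[str, str]]) -> Counter:
    """Hits per client address: repeated probes from one IP stand out."""
    return Counter(h["ip"] for h in hits)


# Constructed sample lines (not real traffic): two legacy-form hits from one IP,
# one friendly-form POST, two unrelated requests and one malformed line.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2023:10:01:02 +0000] "GET /index.php?fc=module&module=superuser&controller=setuser HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [26/Oct/2023:10:01:05 +0000] "POST /en/module/superuser/setuser HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [26/Oct/2023:10:01:06 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [26/Oct/2023:10:01:07 +0000] "GET /module/superuser/other HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    'garbage line that is not in combined format',
    '203.0.113.7 - - [26/Oct/2023:10:01:09 +0000] "GET /index.php?fc=module&module=superuser&controller=setuser HTTP/1.1" 200 880 "-" "curl/8.4.0"',
]


if __name__ == "__main__":
    found = find_setuser_requests(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["ts"], h["method"], h["target"], h["status"])
    print(ips_by_hits(found))
```

Feed real access logs through find_setuser_requests and review every hit: the module's legitimate use is expected to come from an administrator's session, so requests to this controller from addresses with no preceding admin login, or with tooling user agents, are the ones to escalate. The same two URL forms are what a WAF rule for the workaround above must match.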