CVE-2023-46350
📋 TL;DR
This SQL injection vulnerability in the InnovaDeluxe 'Manufacturer or supplier alphabetical search' module for PrestaShop allows remote attackers to execute arbitrary SQL commands. Attackers can escalate privileges, access sensitive database information, and potentially take full control of affected PrestaShop installations. All PrestaShop sites using vulnerable versions of the idxrmanufacturer module are affected.
💻 Affected Systems
- InnovaDeluxe idxrmanufacturer module for PrestaShop
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop installation including administrative access, database exfiltration, and potential server takeover through SQL injection leading to remote code execution.
Likely Case
Unauthorized access to sensitive customer data (personal information, payment details), privilege escalation to admin accounts, and database manipulation.
If Mitigated
Limited impact where input validation and parameterized queries in front of the module already prevent SQL injection, though the vulnerable code itself remains present until patched.
🎯 Exploit Status
SQL injection vulnerabilities in PrestaShop modules are frequently exploited in the wild. Exploitation details for this issue are publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.5 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html
Restart Required: No
Instructions:
1. Update the idxrmanufacturer module to version 2.0.5 or later through the PrestaShop back office.
2. Alternatively, download the patched version from the module developer and manually replace the files.
3. Clear the PrestaShop cache after the update.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the idxrmanufacturer module to prevent exploitation while planning the permanent fix.
Navigate to PrestaShop back office > Modules > Module Manager > Find 'idxrmanufacturer' > Click Disable
Web Application Firewall rules
Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoints.
Add WAF rules to block SQL injection patterns in requests to modules/idxrmanufacturer/ endpoints
🧯 If You Can't Patch
- Immediately disable the idxrmanufacturer module through PrestaShop administration interface.
- Implement network-level restrictions to limit access to the vulnerable endpoints to trusted IP addresses only.
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop back office: Modules > Module Manager > Find 'idxrmanufacturer' and check version number.
Check Version:
No direct command line check. Must check through PrestaShop administration interface.
Verify Fix Applied:
Confirm module version is 2.0.5 or later in the module manager. Test the manufacturer/supplier search functionality to ensure it works without errors.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by successful admin access
- Requests to idxrmanufacturer module endpoints with SQL syntax in parameters
Network Indicators:
- HTTP requests containing SQL keywords (UNION, SELECT, INSERT) targeting /modules/idxrmanufacturer/ endpoints
- Unusual outbound database connections from web server
SIEM Query:
web.url:*idxrmanufacturer* AND (web.uri.query:*UNION* OR web.uri.query:*SELECT* OR web.uri.query:*INSERT*)
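As an added illustration of the log indicators above (this script is not part of the original advisory), the following Python applies the SIEM query's logic to constructed web-server log lines, URL-decoding the query string so that percent-encoded or double-encoded keywords are caught as well. The path /modules/idxrmanufacturer/example.php and the sample lines are placeholders, since this page does not name the module's files.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" access-log format: the request line sits in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Same keywords as the SIEM query, matched as whole words, case-insensitively.
SQL_KEYWORDS = re.compile(r'\b(UNION|SELECT|INSERT)\b', re.IGNORECASE)
MODULE_PATH = '/modules/idxrmanufacturer/'

def decode_fully(value, rounds=2):
    """URL-decode up to `rounds` times so encoded keywords (e.g. %55NION) surface."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(line):
    """Return details for a suspicious idxrmanufacturer request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    if MODULE_PATH not in parts.path.lower():
        return None                      # other paths are out of scope for this rule
    query = decode_fully(parts.query)
    hit = SQL_KEYWORDS.search(query)
    if not hit:
        return None
    return {'ip': m.group('ip'), 'ts': m.group('ts'),
            'keyword': hit.group(1).upper(), 'query': query}

def scan(lines):
    """Apply flag_request to every line and keep the hits, in log order."""
    return [f for f in map(flag_request, lines) if f]

# Constructed sample lines (not real traffic); example.php is a placeholder file name.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2024:12:00:01 +0000] "GET /modules/idxrmanufacturer/example.php?search=acme HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Feb/2024:12:00:02 +0000] "GET /modules/idxrmanufacturer/example.php?search=acme%20UNION%20SELECT HTTP/1.1" 200 640 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Feb/2024:12:00:03 +0000] "GET /modules/idxrmanufacturer/example.php?search=%2555NION HTTP/1.1" 200 640 "-" "curl/8.0"',
    '192.0.2.9 - - [10/Feb/2024:12:00:04 +0000] "GET /index.php?controller=search&s=select%20shirts HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The fourth sample line contains a keyword but targets the storefront search, not the module path, so it is deliberately not flagged; tune the keyword list and decoding depth to your own false-positive tolerance.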