CVE-2023-46356
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the CSV Feeds PRO module. Attackers can potentially read, modify, or delete database content, affecting all PrestaShop sites running vulnerable versions of this module.
💻 Affected Systems
- CSV Feeds PRO module for PrestaShop
📦 What is this software?
Csv Feeds Pro by Blmodules
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, privilege escalation, and potential remote code execution via database functions.
Likely Case
Data exfiltration of sensitive information including customer data, order details, and administrative credentials stored in the database.
If Mitigated
Limited impact if the module's queries use input validation and parameterized statements; any residual injection would then be confined to non-sensitive data.
🎯 Exploit Status
Exploitation requires only HTTP access to the vulnerable endpoint with crafted SQL injection payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.1
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/10/26/csvfeeds-89.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the CSV Feeds PRO module.
4. Update to version 2.6.1 or later.
5. Clear the cache if applicable.
🔧 Temporary Workarounds
Disable CSV Feeds PRO Module
Temporarily disable the vulnerable module until patching is possible.
Web Application Firewall Rules
Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
🧯 If You Can't Patch
- Implement network-level restrictions to limit access to the vulnerable endpoint to trusted IPs only.
- Deploy a web application firewall with SQL injection detection rules specifically for the CSV Feeds PRO endpoints.
🔍 How to Verify
Check if Vulnerable:
Check the module version in PrestaShop admin panel under Modules > Module Manager > CSV Feeds PRO. If version is below 2.6.1, the system is vulnerable.
Check Version:
No direct command; check via PrestaShop admin interface or examine module files for version metadata.
Verify Fix Applied:
Confirm module version is 2.6.1 or higher in the PrestaShop admin panel. Test the vulnerable endpoint with safe SQL injection test payloads to ensure they are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in web server logs
- Multiple requests to /modules/csvfeeds/ endpoints with SQL keywords
- High volume of database errors from single IP addresses
Network Indicators:
- HTTP requests containing SQL injection patterns targeting CSV Feeds PRO endpoints
- Unusual database query patterns from web application servers
SIEM Query:
source="web_server_logs" AND (uri="*csvfeeds*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*" OR query="*DELETE*" OR query="*--*"))
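Added detection example, not part of this advisory: the SIEM query above matches literal keywords in the raw URI, so a URL-encoded query string (for example `%20UNION%20`) slips past it. This script parses constructed access-log lines, decodes the query string before matching the same markers, restricts the match to the /modules/csvfeeds/ path from the log indicators above, and counts hits per source IP. The file name example.php is a placeholder, not the module's real endpoint.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Keywords taken from the advisory's SIEM query, matched case-insensitively after URL decoding.
SQL_MARKERS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b|--", re.IGNORECASE)

# Constructed sample log lines (common log format); the path example.php is a placeholder.
SAMPLE_LOGS = [
    '203.0.113.5 - - [26/Oct/2023:10:00:01 +0000] "GET /modules/csvfeeds/example.php?id=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [26/Oct/2023:10:00:02 +0000] "GET /modules/csvfeeds/example.php?id=3%20UNION%20SELECT%201 HTTP/1.1" 500 120',
    '198.51.100.9 - - [26/Oct/2023:10:00:03 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 9000',
    '203.0.113.5 - - [26/Oct/2023:10:00:04 +0000] "GET /modules/csvfeeds/example.php?id=3%27--%20 HTTP/1.1" 500 120',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def parse_line(line):
    """Split one access-log line into ip, path, decoded query and status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "query": unquote_plus(parts.query),  # decode before matching so %20UNION%20 is seen
        "status": int(m.group("status")),
    }


def is_suspicious(event):
    """True for a request under /modules/csvfeeds/ whose decoded query carries a SQL marker."""
    if event is None or "/modules/csvfeeds/" not in event["path"]:
        return False
    return SQL_MARKERS.search(event["query"]) is not None


def find_hits(lines):
    """Return the parsed events that match the detection rule."""
    return [ev for ev in (parse_line(l) for l in lines) if is_suspicious(ev)]


def count_by_ip(hits):
    """Per-source count, to surface the 'high volume from a single IP' indicator."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts
```

Expect false positives on words like SELECT in legitimate parameters; correlating with the HTTP 500 status and the per-IP count narrows the alert.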