CVE-2023-47110
📋 TL;DR
CVE-2023-47110 is an improper access control vulnerability in the blockreassurance PrestaShop module: an AJAX function of the module lets an attacker modify any value in the PrestaShop configuration table, not only the module's own settings. Stores running module versions earlier than 5.1.4 are affected. Because arbitrary configuration keys can be written, an attacker can tamper with store configuration and security settings beyond the module itself.
💻 Affected Systems
- PrestaShop blockreassurance module, versions before 5.1.4 (fixed in 5.1.4)
📦 What is this software?
blockreassurance ("Customer reassurance") is a PrestaShop module, bundled with PrestaShop 1.7 and later, that displays a block of reassurance items on the storefront (for example security, delivery and return policy notices). Its settings, including the custom blocks edited from the back office, are stored in the PrestaShop configuration table.
⚠️ Risk & Real-World Impact
Worst Case
Complete store compromise including data theft, defacement, or injection of malicious code leading to customer data breaches.
Likely Case
Unauthorized modification of store configuration settings, potentially disrupting operations or enabling further attacks.
If Mitigated
Limited impact with proper access controls, network segmentation, and monitoring in place.
🎯 Exploit Status
Exploitation only requires the ability to reach the module's AJAX endpoint; no authentication is needed, so the issue is straightforward to exploit once a vulnerable store is found. No public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.4
Vendor Advisory: https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
Restart Required: No
Instructions:
1. Log in to the PrestaShop back office.
2. Go to Modules > Module Manager.
3. Search for 'blockreassurance'.
4. Click 'Upgrade' to move to version 5.1.4 or later.
5. Alternatively, download the latest release from the PrestaShop Addons marketplace or the module's GitHub releases page (https://github.com/PrestaShop/blockreassurance/releases) and install it manually through Module Manager > Upload a module.
🔧 Temporary Workarounds
Disable the module
Temporarily disable the blockreassurance module until it can be upgraded. The reassurance block disappears from the storefront while the module is disabled.
Restrict access to AJAX endpoints
Use web application firewall rules or web server access controls to restrict who can reach the module's AJAX endpoint under /modules/blockreassurance/ (for example, allow only the source addresses used by back-office administrators). Test afterwards that both the storefront and the module's back-office configuration page still work.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the PrestaShop admin interface and AJAX endpoints.
- Enable comprehensive logging and monitoring for configuration changes and unusual AJAX requests to the blockreassurance module.
🔍 How to Verify
Check if Vulnerable:
Any installed blockreassurance module at version 5.1.3 or earlier is vulnerable. In the back office, open Modules > Module Manager, search for 'blockreassurance' and read the version shown on the module card.
Check Version:
On the server, the version is also recorded in modules/blockreassurance/config.xml (the <version> element) and in the $this->version assignment in modules/blockreassurance/blockreassurance.php; compare it against 5.1.4.
Verify Fix Applied:
Confirm the module version is 5.1.4 or later in Module Manager and in config.xml, and re-enable the module if it was disabled as a workaround.
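As an added example (not code from the advisory or from the PrestaShop project), the following Python script reads the installed version from a module directory's config.xml, falling back to the $this->version assignment in blockreassurance.php, and reports whether it is below the fixed version 5.1.4. The config.xml and PHP fragments embedded in it are constructed for illustration, and the command-line argument is assumed to be the module directory on the web server (for example /var/www/prestashop/modules/blockreassurance).

```python
"""Check whether an on-disk blockreassurance module is below 5.1.4 (CVE-2023-47110).

Added example, not part of the advisory or the PrestaShop project. PrestaShop
modules ship a config.xml of the form <module><version><![CDATA[x.y.z]]></version>...
and set $this->version in their main PHP class; both are read here.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import Path

FIXED_VERSION = (5, 1, 4)


def parse_version(text):
    """Turn '5.1.3' (or '5.1.3-rc1') into a comparable tuple of three integers."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group(0)) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_from_config_xml(xml_text):
    """Read the <version> element of a module config.xml (CDATA is handled by ElementTree)."""
    root = ET.fromstring(xml_text)
    node = root.find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("no <version> element in config.xml")
    return parse_version(node.text)


def version_from_php(php_source):
    """Fallback: read the $this->version = '...' assignment from blockreassurance.php."""
    m = re.search(r"\$this->version\s*=\s*['\"]([^'\"]+)['\"]", php_source)
    if not m:
        raise ValueError("no $this->version assignment found")
    return parse_version(m.group(1))


def is_vulnerable(version):
    """Versions before 5.1.4 are affected by CVE-2023-47110."""
    return version < FIXED_VERSION


def check_module_dir(module_dir):
    """Return (version_tuple, vulnerable) for a module directory on disk."""
    module_dir = Path(module_dir)
    cfg = module_dir / "config.xml"
    if cfg.exists():
        version = version_from_config_xml(cfg.read_text(encoding="utf-8"))
    else:
        php = (module_dir / "blockreassurance.php").read_text(encoding="utf-8")
        version = version_from_php(php)
    return version, is_vulnerable(version)


# Constructed sample config.xml, shaped like the one a 5.1.3 module ships.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
    <name>blockreassurance</name>
    <displayName><![CDATA[Customer reassurance]]></displayName>
    <version><![CDATA[5.1.3]]></version>
    <is_configurable>1</is_configurable>
</module>
"""

# Constructed fragment of a patched module's main class.
SAMPLE_PHP = (
    "class blockreassurance extends Module {\n"
    "    public function __construct() {\n"
    "        $this->name = 'blockreassurance';\n"
    "        $this->version = '5.1.4';\n"
)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        version, vulnerable = check_module_dir(sys.argv[1])
    else:
        version = version_from_config_xml(SAMPLE_CONFIG_XML)
        vulnerable = is_vulnerable(version)
    label = "VULNERABLE, upgrade to 5.1.4 or later" if vulnerable else "patched"
    print("blockreassurance %s: %s" % (".".join(map(str, version)), label))
```

Run it with the module directory as the only argument; with no argument it evaluates the constructed sample and reports it as vulnerable. The fallback to the PHP source matters on installs where config.xml was regenerated or removed.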
📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to blockreassurance endpoints
- Unexpected configuration changes in PrestaShop
Network Indicators:
- HTTP POST requests to blockreassurance AJAX endpoints from unexpected sources
SIEM Query (pseudo-syntax; adapt the field names to your platform):
source="web_server" AND (uri="/modules/blockreassurance/ajax.php" OR uri LIKE "%/blockreassurance/%") AND method="POST"
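The same detection logic applied offline to web server access logs, as an added example that is not part of the original page: a Python script that parses combined-format log lines, keeps only POST requests to PHP files under /modules/blockreassurance/, and flags those whose source address is outside an assumed administrator network (192.0.2.0/24 here, a documentation range standing in for your own allow-list). The log lines are constructed for illustration, not captured traffic.

```python
"""Flag POST requests to the blockreassurance AJAX endpoint in access logs.

Added example, not part of the advisory. Reads Apache/Nginx combined-format
lines, selects POSTs to *.php under /modules/blockreassurance/, and reports
those from outside an assumed administrator allow-list.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Combined log format: ip ident user [timestamp] "METHOD URI PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Any PHP entry point directly under the module directory (e.g. ajax.php),
# but not static assets under views/.
TARGET_RE = re.compile(r"/modules/blockreassurance/[^/?]*\.php", re.IGNORECASE)

# Assumed administrator network; replace with the real back-office source ranges.
ALLOWED_SOURCES = [ip_network("192.0.2.0/24")]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2023:09:12:01 +0000] "GET /index.php?controller=product&id_product=3 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Nov/2023:09:12:03 +0000] "GET /modules/blockreassurance/views/img/reassurance/pack1/security.svg HTTP/1.1" 200 1024
198.51.100.23 - - [10/Nov/2023:09:15:44 +0000] "POST /modules/blockreassurance/ajax.php HTTP/1.1" 200 42
198.51.100.23 - - [10/Nov/2023:09:15:45 +0000] "POST /modules/blockreassurance/ajax.php HTTP/1.1" 200 42
192.0.2.10 - - [10/Nov/2023:10:01:12 +0000] "POST /modules/blockreassurance/ajax.php HTTP/1.1" 200 42
"""


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(rec, allowed=ALLOWED_SOURCES):
    """True for a POST to a module PHP entry point from outside the allow-list."""
    if rec["method"] != "POST" or not TARGET_RE.search(rec["uri"]):
        return False
    try:
        src = ip_address(rec["ip"])
    except ValueError:
        return True  # unparseable source: treat as unknown, surface it
    return not any(src in net for net in allowed)


def find_suspicious(log_text, allowed=ALLOWED_SOURCES):
    """Scan a log body and return the parsed records that match."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec, allowed):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count flagged requests per source address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    import sys

    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    flagged = find_suspicious(text)
    for h in flagged:
        print("%s %s %s %s %s" % (h["ts"], h["ip"], h["method"], h["uri"], h["status"]))
    for ip, n in summarize(flagged).most_common():
        print("%s: %d flagged request(s)" % (ip, n))
```

Pass an access log path as the only argument, or run it without arguments to scan the constructed sample, where only the two POSTs from 198.51.100.23 are flagged: the static asset GET does not match the endpoint pattern and the POST from the allow-listed administrator network is expected. Successful (HTTP 200) POSTs from unexpected sources deserve a follow-up check of recent rows in the ps_configuration table.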