CVE-2023-50029
📋 TL;DR
This CVE describes a critical PHP injection vulnerability in the M4 PDF Extensions module for PrestaShop. Attackers can execute arbitrary code on affected systems via the M4PDF::saveTemplate() method. All PrestaShop installations using vulnerable versions of this third-party module are affected.
💻 Affected Systems
- PrestaShop with M4 PDF Extensions module
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary code, steal sensitive data, install backdoors, or pivot to other systems.
Likely Case
Remote code execution leading to data theft, website defacement, or installation of cryptocurrency miners/malware.
If Mitigated
Limited impact if proper input validation and output encoding are implemented, though the vulnerability would still exist.
🎯 Exploit Status
The vulnerability is in a public method with insufficient input validation, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.3 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/06/20/m4pdf.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'M4 PDF Extensions' module.
4. Update to version 3.3.3 or later.
5. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the M4 PDF Extensions module until patching is possible.
Navigate to PrestaShop admin > Modules > Module Manager > M4 PDF Extensions > Disable
Restrict access to vulnerable endpoint
Use a web application firewall or .htaccess to block access to the vulnerable method.
Add rule to block requests containing 'M4PDF::saveTemplate' in URL or parameters
🧯 If You Can't Patch
- Implement strict input validation and output encoding for all user inputs
- Deploy web application firewall with rules to detect and block PHP injection attempts
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > M4 PDF Extensions
Check Version:
Check PrestaShop database: SELECT version FROM ps_module WHERE name = 'm4pdf'
Verify Fix Applied:
Confirm module version is 3.3.3 or higher in the module manager
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests reaching the M4PDF::saveTemplate() method
- PHP execution errors in web server logs
- Suspicious file creation in upload directories
Network Indicators:
- HTTP requests containing PHP code in parameters
- Unusual outbound connections from web server
SIEM Query:
web_access_logs WHERE url CONTAINS 'M4PDF' AND (params CONTAINS 'php://' OR params CONTAINS 'system(')
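The following is an added example, not code from the page or from the module vendor, that turns the version check above (the value of ps_module.version for 'm4pdf') and the SIEM query into runnable checks: a version comparison against the 3.3.3 fix threshold, and a scan of access-log lines that applies the same URL/param rule after percent-decoding. The log lines and the /modules/m4pdf/ajax.php path are constructed assumptions for illustration; only the 'php://' and 'system(' tokens come from the indicators above.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format); the module path is assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jun/2024:10:01:02 +0000] "POST /modules/m4pdf/ajax.php?tpl=php://input HTTP/1.1" 200 512
10.0.0.6 - - [20/Jun/2024:10:01:05 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 4096
10.0.0.7 - - [20/Jun/2024:10:01:09 +0000] "POST /modules/m4pdf/ajax.php?tpl=%70hp%3A%2F%2Ffilter HTTP/1.1" 200 512
10.0.0.8 - - [20/Jun/2024:10:01:11 +0000] "GET /modules/m4pdf/ajax.php?tpl=invoice HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPECT_TOKENS = ("php://", "system(")   # tokens named in the SIEM query above
FIXED_VERSION = (3, 3, 3)                # first version carrying the official fix


def module_is_vulnerable(version: str) -> bool:
    """True when the m4pdf version string (e.g. from ps_module.version) is below 3.3.3."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))        # pad "3.3" to (3, 3, 0) so the tuple compare is fair
    return tuple(nums) < FIXED_VERSION


def request_is_suspicious(url: str) -> bool:
    """Apply the SIEM rule to one request URL after percent-decoding and lower-casing."""
    decoded = unquote_plus(url).lower()
    if "m4pdf" not in decoded:           # url CONTAINS 'M4PDF'
        return False
    _, _, params = decoded.partition("?")
    return any(tok in params for tok in SUSPECT_TOKENS)


def scan_access_log(text: str) -> list[dict]:
    """Return one record per matching request; lines that do not parse are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and request_is_suspicious(m["url"]):
            hits.append({"src": m["src"], "method": m["method"], "url": unquote_plus(m["url"])})
    return hits


if __name__ == "__main__":
    print("3.3.2 vulnerable:", module_is_vulnerable("3.3.2"))
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Decoding before matching matters because the raw third line never contains the literal string 'php://'; a rule that matches only the undecoded URL misses it.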