CVE-2023-50030
📋 TL;DR
This vulnerability allows unauthenticated attackers (ordinary guests, no account needed) to perform blind SQL injection against PrestaShop installations running a vulnerable version of the Jms Setting (jmssetting) module by Joommasters. Because the injection is blind, data comes out one boolean or timing condition at a time rather than in the response body, but the outcome is the same: attackers can read, modify, or delete database content. Every PrestaShop site with an affected version of the module installed is at risk.
💻 Affected Systems
- PrestaShop with Jms Setting module
📦 What is this software?
Jms Setting (module folder name jmssetting) is a PrestaShop module published by Joommasters.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the shop database: theft or destruction of data, and potentially full site takeover if the injection is chained further (for example, recovering back-office password hashes and logging in as an administrator, or reaching code execution through the database when the DB account has the privileges to write files).
Likely Case
Disclosure of database contents extracted through the blind injection: customer records, orders, employee (back-office) password hashes, and other sensitive business information.
If Mitigated
If the module is updated or removed, the vulnerable code path is gone. If it must stay in place unpatched, a database account restricted to the shop database with no FILE or administrative privileges, plus WAF filtering of the module's endpoints, limits what an attacker can reach, but does not remove the injection itself.
🎯 Exploit Status
Exploitation requires only crafted HTTP requests to the module's front-facing endpoints; no authentication or user interaction is needed. The issue has been publicly disclosed in the vendor advisory linked below, so opportunistic scanning for it should be expected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 1.1.0 (versions up to and including 1.1.0 are affected)
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html
Restart Required: No
Instructions:
1. Update the Jms Setting module to the latest version.
2. Remove any older vulnerable copies of the module.
3. Verify module functionality after the update.
🔧 Temporary Workarounds
Disable Jms Setting Module
Temporarily disable the vulnerable module until it can be updated.
Navigate to PrestaShop admin > Modules > Module Manager > Jms Setting > Disable. Disabling a module in the back office does not delete its files; if the vulnerable code is reachable by calling a PHP file under /modules/jmssetting/ directly, disabling alone does not block it. Uninstalling the module and deleting its directory is the safer interim measure.
Web Application Firewall Rules
Implement WAF rules to block SQL injection patterns aimed at the vulnerable endpoints.
Add a WAF rule that blocks requests to /modules/jmssetting/ paths whose parameters contain SQL injection patterns. Because this is a blind injection, keyword-only rules (UNION, SELECT) are not enough: also match boolean probes (a quote followed by AND/OR, AND 1=1), time-based probes (SLEEP(, BENCHMARK() and SQL comment sequences, and apply the rule after URL decoding.
🧯 If You Can't Patch
- Harden the module's own SQL: because the flaw lives in third-party code, "application-level" fixes mean editing the module so that every request parameter that reaches a query is cast with (int) for numeric values or passed through PrestaShop's pSQL() for strings. Keep a copy of the change, since a later module update will overwrite it.
- Restrict database user permissions to minimum required privileges
🔍 How to Verify
Check if Vulnerable:
Open PrestaShop admin panel > Modules > Module Manager and look up Jms Setting; a version of 1.1.0 or lower is vulnerable.
Check Version:
Read the version string from modules/jmssetting/jmssetting.php (the $this->version assignment in the module constructor) or from modules/jmssetting/config.xml. This works even when the back office is unavailable.
Verify Fix Applied:
Confirm Jms Setting module version is > 1.1.0 in module manager
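A script that automates the version check described above, added here as an example; it is not part of the advisory, PrestaShop, or the Joommasters module. It relies on two PrestaShop module conventions that are assumed rather than verified against this module's files: a modules/<name>/config.xml carrying a <version> element, and a $this->version assignment in modules/<name>/<name>.php. Versions are compared numerically, so a hypothetical 1.10.0 is not mistaken for a release older than 1.1.0. The sample file contents are constructed.

```python
"""Check whether a PrestaShop install carries a vulnerable Jms Setting (jmssetting) module.

Added example for this page; not code from PrestaShop, Joommasters or the advisory.
Assumptions (generic PrestaShop module conventions, not verified for this module):
  - modules/<name>/config.xml contains <version><![CDATA[x.y.z]]></version>
  - modules/<name>/<name>.php sets $this->version = 'x.y.z' in its constructor
"""
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

LAST_VULNERABLE = "1.1.0"  # per the advisory summary: <= 1.1.0 affected, fixed in > 1.1.0

_XML_RE = re.compile(
    r"<version>\s*(?:<!\[CDATA\[)?\s*([0-9][0-9.]*)\s*(?:\]\]>)?\s*</version>", re.I
)
_PHP_RE = re.compile(r"\$this->version\s*=\s*['\"]([0-9][0-9.]*)['\"]")


def parse_version(text: str) -> Optional[str]:
    """Extract the module version from config.xml or the module's main PHP file.

    Returns None when neither pattern is present.
    """
    m = _XML_RE.search(text) or _PHP_RE.search(text)
    return m.group(1) if m else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'1.1.0' -> (1, 1, 0); tolerates a stray trailing dot."""
    return tuple(int(p) for p in version.strip(".").split(".") if p)


def is_vulnerable(version: str) -> bool:
    """Numeric comparison, so '1.10.0' is correctly treated as newer than '1.1.0'."""
    return version_tuple(version) <= version_tuple(LAST_VULNERABLE)


def check_module_dir(module_dir: Path) -> Tuple[Optional[str], Optional[bool]]:
    """Return (version, vulnerable) for a module directory, or (None, None) if no version was found."""
    for name in ("config.xml", f"{module_dir.name}.php"):
        candidate = module_dir / name
        if candidate.is_file():
            version = parse_version(candidate.read_text(errors="replace"))
            if version:
                return version, is_vulnerable(version)
    return None, None


# Constructed sample contents, used to show the parser on both file kinds.
SAMPLE_CONFIG_XML = "<module><name>jmssetting</name><version><![CDATA[1.1.0]]></version></module>"
SAMPLE_MODULE_PHP = "class JmsSetting extends Module {\n  public function __construct() {\n    $this->version = '1.0.7';\n"


if __name__ == "__main__":
    # Usage: python check_jmssetting.py /path/to/prestashop
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    version, vulnerable = check_module_dir(root / "modules" / "jmssetting")
    if version is None:
        print("jmssetting: no version string found (module absent or unusual layout)")
    else:
        state = "VULNERABLE (<= 1.1.0)" if vulnerable else "not affected (> 1.1.0)"
        print(f"jmssetting {version}: {state}")
```

Point the script at the PrestaShop document root; it reads the module files directly, so it also works when the back office is unreachable or the module has been disabled but not removed.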
📡 Detection & Monitoring
Log Indicators:
- Unusual queries in database or slow-query logs, such as statements carrying SLEEP() or BENCHMARK(), or conditions that no legitimate page would generate
- HTTP requests to /modules/jmssetting/ whose parameters contain SQL fragments, including boolean and time-based probes, often in long bursts from one source (blind extraction needs many requests)
- Back-office login attempts shortly after such bursts, which may indicate an attacker trying credentials recovered from the database
Network Indicators:
- HTTP GET/POST requests to the module's endpoints whose parameters contain SQL keywords (UNION, SELECT, AND/OR conditions, SLEEP, BENCHMARK) or comment sequences, typically URL-encoded
- Abnormal database connection or query patterns, including response times that jump in fixed increments (a sign of time-based extraction)
SIEM Query:
source="web_logs" AND uri="/modules/jmssetting/*" AND (uri="*UNION*SELECT*" OR uri="*SLEEP(*" OR uri="*BENCHMARK(*" OR uri="*AND 1=1*" OR uri="*' AND *" OR uri="*' OR *" OR uri="*--*" OR uri="*INSERT*" OR uri="*DELETE*")
Match case-insensitively against the URL-decoded request line, otherwise encoded payloads (%27, %20) slip past. Access logs carry only GET parameters; POST bodies need WAF or application-level logging.
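The detection logic above applied to web-server access logs, as an added example; it is not from the advisory or the vendor. Keyword-only matching misses the blind injection this CVE describes, so the patterns also cover boolean and time-based probes and are applied after URL decoding. The log lines and the endpoint file name ajax.php are constructed for the example; only the /modules/jmssetting/ prefix is used for matching, since the page does not name the vulnerable file.

```python
"""Flag probable SQL injection attempts against /modules/jmssetting/ in access logs.

Added example for this page; not detection content from PrestaShop, Joommasters or the advisory.
Assumes Apache/nginx combined log format. Sample lines and the file name ajax.php are constructed.
"""
import re
from typing import Dict, List
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Each pattern is checked against the URL-decoded request target.
SQLI_PATTERNS = [
    (re.compile(r"\bunion\b[\s\S]{0,20}\bselect\b", re.I), "union-select"),
    (re.compile(r"\b(?:sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I), "time-based"),
    (re.compile(r"['\"]\s*(?:and|or)\s+[\w'\"()]+\s*[=<>]", re.I), "boolean-quoted"),
    (re.compile(r"(?:^|[&?=\s])(?:and|or)\s+\d+\s*=\s*\d+", re.I), "boolean-numeric"),
    (re.compile(r"(?:--(?:\s|$|-)|/\*)"), "sql-comment"),
    (re.compile(r"\b(?:insert|delete|update|drop)\b.{0,30}\b(?:into|from|table|set)\b", re.I), "dml-ddl"),
]

MODULE_PREFIX = "/modules/jmssetting/"


def decode_target(target: str) -> str:
    """URL-decode twice so single and double encoding (%27, %2527) do not hide the payload."""
    return unquote_plus(unquote_plus(target))


def classify(target: str) -> List[str]:
    """Return the labels of every injection pattern found in a request aimed at the module."""
    decoded = decode_target(target)
    if MODULE_PREFIX not in decoded.lower():
        return []
    return [label for rx, label in SQLI_PATTERNS if rx.search(decoded)]


def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Parse combined-format lines and return one record per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production version should count these
        labels = classify(m.group("target"))
        if labels:
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "target": decode_target(m.group("target")),
                "labels": ",".join(labels),
            })
    return hits


# Constructed sample log: one benign module request, two probes, one probe elsewhere, one static file.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jan/2024:10:00:01 +0000] "GET /modules/jmssetting/ajax.php?id_cfg=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/Jan/2024:10:00:02 +0000] "GET /modules/jmssetting/ajax.php?id_cfg=3%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/Jan/2024:10:00:03 +0000] "GET /modules/jmssetting/ajax.php?id_cfg=3%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jan/2024:10:00:04 +0000] "GET /index.php?id_product=3%20AND%201%3D1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [16/Jan/2024:10:00:05 +0000] "GET /modules/jmssetting/views/css/style.css HTTP/1.1" 200 900',
]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["time"]} [{hit["labels"]}] {hit["target"]}')
```

Run it over the real access log by reading lines from the file instead of SAMPLE_LOG. Only the module prefix is matched, so probes against other endpoints are deliberately not reported here; widen MODULE_PREFIX or drop the check to reuse the patterns site-wide. Because access logs do not contain POST bodies, the same patterns should also be applied in the WAF or to application-level request logging.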