CVE-2024-24308
📋 TL;DR
This SQL injection vulnerability in the Boostmyshop module for PrestaShop allows remote attackers to execute arbitrary SQL commands. Attackers can escalate privileges and access sensitive information from the database. All PrestaShop installations using boostmyshopagent module versions 1.1.9 and earlier are affected.
💻 Affected Systems
- PrestaShop boostmyshopagent module
📦 What is this software?
Boostmyshop by Boostmyshop
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise including administrative account takeover, database exfiltration, and potential remote code execution through database functions.
Likely Case
Privilege escalation to admin level, extraction of customer data, order information, and payment details from the database.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only data leakage without privilege escalation.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The specific endpoints mentioned make exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.0 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Search for 'boostmyshopagent'.
4. Click 'Upgrade' to version 1.2.0 or later.
5. Alternatively, download the latest version from the official source and manually replace the module files.
🔧 Temporary Workarounds
Disable vulnerable endpoints
Temporarily block access to the vulnerable PHP files via web server configuration
# For Apache: add to .htaccess
# (Order/Deny are Apache 2.2 directives; on Apache 2.4 without mod_access_compat use "Require all denied" inside each <Files> block instead)
<Files "changeOrderCarrier.php">
Order allow,deny
Deny from all
</Files>
<Files "relayPoint.php">
Order allow,deny
Deny from all
</Files>
<Files "shippingConfirmation.php">
Order allow,deny
Deny from all
</Files>
# For Nginx: add to server block (must come before the location that passes .php to PHP-FPM)
location ~ /(changeOrderCarrier|relayPoint|shippingConfirmation)\.php$ {
deny all;
return 403;
}
Disable module
Temporarily disable the boostmyshopagent module
# In PrestaShop admin: Modules > Module Manager > boostmyshopagent > Disable
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SQL injection patterns targeting the vulnerable endpoints
- Restrict network access to PrestaShop admin interface and vulnerable endpoints using IP whitelisting
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin: Modules > Module Manager > boostmyshopagent. If version is 1.1.9 or lower, you are vulnerable.
Check Version:
# Check module version via database query
# (ps_ is the default PrestaShop table prefix; substitute your installation's prefix if it differs)
SELECT version FROM ps_module WHERE name = 'boostmyshopagent';
Verify Fix Applied:
Confirm module version is 1.2.0 or higher in PrestaShop admin panel under Modules > Module Manager.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs
- Multiple requests to changeOrderCarrier.php, relayPoint.php, or shippingConfirmation.php with SQL-like parameters
- Admin privilege escalation attempts
Network Indicators:
- SQL injection payloads in HTTP requests to vulnerable endpoints
- Unusual database connection patterns from web server
SIEM Query:
web_access_logs | where url contains "changeOrderCarrier.php" or url contains "relayPoint.php" or url contains "shippingConfirmation.php" | where parameters matches "(?i)(union|select|insert|update|delete|drop|exec|--|#|;|')"
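The SIEM query above as a stand-alone log scan, added here as an example (not part of the advisory or the module). It applies the same endpoint filter and token pattern to combined-format access log lines, URL-decoding the query string first so that encoded quotes such as %27 are not missed; the log lines, IPs and the /modules/boostmyshopagent/ path are constructed sample data.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoints and token pattern taken from the advisory's SIEM query.
VULN_ENDPOINTS = ("changeOrderCarrier.php", "relayPoint.php", "shippingConfirmation.php")
SQLI_TOKENS = re.compile(r"(?i)(union|select|insert|update|delete|drop|exec|--|#|;|')")

# Apache/Nginx combined log format: client, timestamp, "METHOD url HTTP/x", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines (not from any real incident); IPs are from the documentation range
# and the module directory is an assumption used only for the sample data.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Feb/2024:10:01:02 +0000] "GET /modules/boostmyshopagent/changeOrderCarrier.php?id_order=42 HTTP/1.1" 200 512
203.0.113.11 - - [08/Feb/2024:10:01:05 +0000] "GET /modules/boostmyshopagent/relayPoint.php?id_order=7%27-- HTTP/1.1" 500 0
203.0.113.12 - - [08/Feb/2024:10:01:09 +0000] "GET /index.php?controller=search&s=select+chair HTTP/1.1" 200 8192
203.0.113.13 - - [08/Feb/2024:10:01:12 +0000] "POST /modules/boostmyshopagent/shippingConfirmation.php?id_order=3%3B HTTP/1.1" 200 64
"""


def flag_request(line):
    """Return (ip, endpoint, decoded_query) when the request targets one of the
    vulnerable endpoints and its query carries SQL-like tokens, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    endpoint = parts.path.rsplit("/", 1)[-1]
    if endpoint not in VULN_ENDPOINTS:
        return None  # same words on other pages (e.g. a product search) are not hits
    # Decode %27, %3B, '+' etc. so encoded quotes and separators are inspected as-is.
    query = unquote_plus(parts.query)
    if SQLI_TOKENS.search(query):
        return m.group("ip"), endpoint, query
    return None


def scan_log(text):
    """Apply flag_request to every line and return the list of hits."""
    return [hit for hit in (flag_request(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, endpoint, query in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {endpoint} ? {query}")
```

Expect false positives from legitimate values containing `#`, `;` or an apostrophe; treat hits as triage candidates and correlate with the 5xx responses and admin-privilege changes listed above.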