CVE-2024-24309

7.5 HIGH

📋 TL;DR

This vulnerability in the Ecomiz Survey TMA module for PrestaShop allows an unauthenticated visitor to download personal information without authorization. It affects all PrestaShop installations using ecomiz_survey_tma version 2.0.0 or earlier. Exposure of this personal data violates privacy regulations and could lead to identity theft or targeted attacks against the affected individuals.

💻 Affected Systems

Products:
  • Ecomiz Survey TMA module for PrestaShop
Versions: Up to and including version 2.0.0
Operating Systems: All platforms running PrestaShop
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PrestaShop installations with the ecomiz_survey_tma module installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass exfiltration of all customer personal data stored through the survey module, leading to regulatory fines, reputational damage, and identity theft for affected individuals.

🟠 Likely Case

Unauthorized access to personal information of survey respondents, potentially including names, email addresses, and other submitted data.

🟢 If Mitigated

Limited exposure if minimal personal data is collected through surveys or if the module is not actively used.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and appears to be a direct information disclosure issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.0.1 or later

Vendor Advisory: https://security.friendsofpresta.org/modules/2024/02/20/ecomiz_survey_tma.html

Restart Required: No

Instructions:

1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'Survey TMA' module.
4. Click 'Upgrade' to version 2.0.1 or later.
5. If the upgrade is not available, uninstall the module and reinstall the latest version from Ecomiz.

🔧 Temporary Workarounds

Disable Survey TMA Module (platform: all)

Temporarily disable the vulnerable module until it is patched.

Navigate to PrestaShop admin > Modules > Module Manager > Survey TMA > Disable

Restrict Access via .htaccess (platform: linux)

Block access to the survey module directory.

Add 'Deny from all' to the .htaccess file in the ecomiz_survey_tma module directory

🧯 If You Can't Patch

  • Disable the ecomiz_survey_tma module immediately
  • Implement network-level restrictions to block external access to the PrestaShop instance

🔍 How to Verify

Check if Vulnerable:

Check PrestaShop admin panel > Modules > Module Manager for ecomiz_survey_tma version 2.0.0 or earlier

Check Version:

Check the version in the PrestaShop admin panel, or examine the modules/ecomiz_survey_tma/ directory for the version file

Verify Fix Applied:

Confirm module version is 2.0.1 or later in PrestaShop admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual download requests to survey-related endpoints from unauthenticated users
  • Multiple GET requests to survey data endpoints from single IPs

Network Indicators:

  • HTTP requests to /modules/ecomiz_survey_tma/ endpoints without authentication cookies

SIEM Query:

source="web_server" AND (uri="/modules/ecomiz_survey_tma/*" OR user_agent="*survey*") AND status=200 AND auth_cookie=null
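As an added illustration of the log and network indicators above (example code written for this page, not from the module vendor or the advisory), the following Python script parses constructed access-log lines and flags successful requests under /modules/ecomiz_survey_tma/ that carried no cookie at all, then reports source IPs that repeat such requests. The log format (Apache combined plus a trailing quoted Cookie field), the `placeholder-endpoint` path, the IP addresses, the user agents and the cookie name are all constructed assumptions; the page names no specific module script, so none is assumed here.

```python
import re
from collections import Counter

# Constructed sample access log (not from the page, the vendor, or any real server).
# Assumed format: Apache "combined" log with one extra quoted field holding the
# request's Cookie header ("-" when the client sent no cookie at all).
# "placeholder-endpoint" stands in for whatever module script is requested.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Feb/2024:10:01:02 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=1 HTTP/1.1" 200 5120 "-" "curl/8.4.0" "-"
203.0.113.10 - - [20/Feb/2024:10:01:03 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=2 HTTP/1.1" 200 4988 "-" "curl/8.4.0" "-"
203.0.113.10 - - [20/Feb/2024:10:01:04 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=3 HTTP/1.1" 200 5201 "-" "curl/8.4.0" "-"
203.0.113.10 - - [20/Feb/2024:10:01:05 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=4 HTTP/1.1" 403 199 "-" "curl/8.4.0" "-"
198.51.100.7 - - [20/Feb/2024:10:02:10 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=1 HTTP/1.1" 200 5120 "https://shop.example/" "Mozilla/5.0" "PrestaShop-constructed=abc123"
192.0.2.44 - - [20/Feb/2024:10:03:00 +0000] "GET /index.php?controller=product&id_product=7 HTTP/1.1" 200 18211 "-" "Mozilla/5.0" "-"
192.0.2.99 - - [20/Feb/2024:10:04:30 +0000] "GET /modules/ecomiz_survey_tma/placeholder-endpoint?id=9 HTTP/1.1" 200 5077 "-" "python-requests/2.31" "-"
"""

# Path prefix from the page's network indicator.
MODULE_PREFIX = "/modules/ecomiz_survey_tma/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauthenticated_module_hit(rec):
    """The page's indicator: a successful request under the module path with no
    cookie at all. Absence of any Cookie header is used here as a proxy for
    'no authentication cookie' (an assumption; a real deployment would check
    for its own PrestaShop session cookie name)."""
    return (rec["uri"].startswith(MODULE_PREFIX)
            and rec["status"] == 200
            and rec["cookie"] == "-")


def analyse(log_text, burst_threshold=3):
    """Return (flagged records, {ip: count} for IPs at or above burst_threshold)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    flagged = [r for r in records if is_unauthenticated_module_hit(r)]
    per_ip = Counter(r["ip"] for r in flagged)
    bursts = {ip: n for ip, n in per_ip.items() if n >= burst_threshold}
    return flagged, bursts


if __name__ == "__main__":
    hits, repeat_sources = analyse(SAMPLE_LOG)
    for r in hits:
        print(f"{r['ts']} {r['ip']} {r['method']} {r['uri']} ua={r['ua']!r}")
    for ip, n in repeat_sources.items():
        print(f"burst: {ip} made {n} unauthenticated requests under {MODULE_PREFIX}")
```

On the constructed sample this flags four requests and reports 203.0.113.10 as a repeat source; the 403 response, the request that carried a cookie, and the unrelated product page are all left alone. Because PrestaShop normally sets a cookie for ordinary visitors too, a request with no cookie at all is a reasonable signal of a scripted client, but the threshold and the cookie test should be tuned to the shop's own traffic before alerting on them.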
