CVE-2024-25842
📋 TL;DR
This vulnerability in the Presta World 'Account Manager - Sales Representative & Dealers - CRM' module (prestasalesmanager) for PrestaShop allows remote attackers to escalate privileges and access sensitive information through the module's insecure uploadLogo() and postProcess methods. It affects PrestaShop installations running the prestasalesmanager module before version 9.0. Attackers can potentially gain unauthorized access to administrative functions and confidential data.
💻 Affected Systems
- Presta World Account Manager - Sales Representative & Dealers - CRM (prestasalesmanager) module for PrestaShop
📦 What is this software?
Account Manager by Prestaworld
⚠️ Risk & Real-World Impact
Worst Case
Full administrative takeover of the PrestaShop instance, allowing complete control over the e-commerce platform, customer data theft, and potential injection of malicious code.
Likely Case
Privilege escalation leading to unauthorized access to sensitive CRM data, manipulation of sales representative accounts, and potential data exfiltration.
If Mitigated
Limited impact with proper access controls, network segmentation, and monitoring in place, though the vulnerability still exists.
🎯 Exploit Status
Exploitation requires access to the module's functionality, but specific authentication requirements are not detailed in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.0
Vendor Advisory: https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Search for 'Account Manager - Sales Representative & Dealers - CRM'.
4. Click 'Upgrade' to version 9.0 or later.
5. Alternatively, download version 9.0+ from the PrestaShop Addons marketplace and install it manually.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the prestasalesmanager module until patching is possible
Log into PrestaShop admin > Modules > Module Manager > Search for 'Account Manager' > Click 'Disable'
Restrict module access
Use web application firewall rules to restrict access to the module's endpoints
Add WAF rules to block/restrict access to paths containing 'prestasalesmanager' or module-specific URLs
🧯 If You Can't Patch
- Implement strict access controls and monitor all activity related to the prestasalesmanager module
- Deploy a web application firewall with rules specifically targeting the uploadLogo() and postProcess methods
🔍 How to Verify
Check if Vulnerable:
Check the module version in PrestaShop admin panel: Modules > Module Manager > Search for 'Account Manager - Sales Representative & Dealers - CRM' and check version number
Check Version:
No direct CLI command; check via the PrestaShop admin interface, or examine the module's files (e.g. its config.xml manifest) for version metadata
Verify Fix Applied:
Confirm module version is 9.0 or higher in the module manager interface
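Since the advisory gives no CLI check, here is an added example (not part of the advisory or the vendor's module) that reads the <version> element from the module's config.xml and compares it against the 9.0 fix; it assumes the module ships the standard PrestaShop module manifest at modules/prestasalesmanager/config.xml, and the embedded config.xml is a constructed sample.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

FIXED_VERSION = (9, 0)  # first release without the CVE-2024-25842 issue, per the advisory

# Constructed sample of a PrestaShop module config.xml (not taken from the real module).
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
  <name>prestasalesmanager</name>
  <displayName><![CDATA[Account Manager - Sales Representative & Dealers - CRM]]></displayName>
  <version><![CDATA[8.2.0]]></version>
</module>
"""

def parse_version(text):
    """'8.2.0' -> (8, 2, 0); a '-beta'-style suffix is dropped, missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text.split("-")[0])]
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts + [0] * (len(FIXED_VERSION) - len(parts)))

def is_vulnerable(version_text):
    """True when the installed version is older than 9.0 (tuple comparison is elementwise)."""
    return parse_version(version_text) < FIXED_VERSION

def assess_config_xml(xml_text):
    """Return (name, version, vulnerable) from a config.xml; refuse manifests of other modules."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("name") or "").strip()
    version = (root.findtext("version") or "").strip()
    if name != "prestasalesmanager":
        raise ValueError(f"config.xml belongs to {name!r}, not prestasalesmanager")
    if not version:
        raise ValueError("config.xml has no <version> element")
    return name, version, is_vulnerable(version)

def assess_module_dir(module_dir):
    """Read <shop>/modules/prestasalesmanager/config.xml from disk and assess it."""
    return assess_config_xml(Path(module_dir, "config.xml").read_text(encoding="utf-8"))

if __name__ == "__main__":
    # Usage: python check_psm.py /var/www/prestashop/modules/prestasalesmanager (no arg: sample)
    if len(sys.argv) > 1:
        name, version, vuln = assess_module_dir(sys.argv[1])
    else:
        name, version, vuln = assess_config_xml(SAMPLE_CONFIG_XML)
    print(f"{name} {version}: {'VULNERABLE (< 9.0)' if vuln else 'fixed (>= 9.0)'}")
```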
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads via module endpoints
- Unauthorized access attempts to prestasalesmanager functionality
- Privilege escalation attempts in user logs
Network Indicators:
- HTTP requests to prestasalesmanager endpoints with unexpected parameters
- File uploads to module-specific upload handlers
SIEM Query:
web_access_logs WHERE url CONTAINS 'prestasalesmanager' AND (url CONTAINS 'uploadLogo' OR url CONTAINS 'postProcess')