CVE-2024-25847
📋 TL;DR
This SQL injection vulnerability in MyPrestaModules' Product Catalog Import module for PrestaShop allows attackers to execute arbitrary SQL commands. Attackers can escalate privileges, access sensitive data, and potentially take over affected systems. All PrestaShop installations using vulnerable versions of the simpleimportproduct module are affected.
💻 Affected Systems
- MyPrestaModules Product Catalog (CSV, Excel) Import (simpleimportproduct)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise including database takeover, privilege escalation to admin, data exfiltration, and potential remote code execution.
Likely Case
Unauthorized data access, privilege escalation to gain administrative access, and potential data manipulation.
If Mitigated
Limited impact with proper input validation and parameterized queries in place.
🎯 Exploit Status
Exploitation requires access to the module's import functionality, which typically requires some level of authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.1 or later
Vendor Advisory: https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md
Restart Required: No
Instructions:
1. Update the simpleimportproduct module to version 6.5.1 or later.
2. Log into the PrestaShop admin panel.
3. Navigate to Modules > Module Manager.
4. Find the 'Product Catalog (CSV, Excel) Import' module.
5. Click 'Update' or upload the patched version.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the simpleimportproduct module until it is patched.
Navigate to PrestaShop admin > Modules > Module Manager > Disable 'Product Catalog (CSV, Excel) Import'
Restrict module access
Limit access to the import functionality to trusted administrators only.
Configure PrestaShop user permissions to restrict access to import features
🧯 If You Can't Patch
- Disable the simpleimportproduct module immediately
- Implement web application firewall rules to block SQL injection patterns
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > Product Catalog (CSV, Excel) Import
Check Version:
Check the module version in PrestaShop admin interface or examine /modules/simpleimportproduct/simpleimportproduct.php file
Verify Fix Applied:
Confirm module version is 6.5.1 or later in the module manager
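The version check above can be scripted for fleets of shops. The following is an added example, not code from this advisory or from the module vendor: it reads the module's main PHP file (the /modules/simpleimportproduct/simpleimportproduct.php path named above), pulls the version out of the `$this->version = '...'` assignment that PrestaShop modules conventionally set in their constructor (an assumption about the file layout, not something this advisory states), and compares it numerically against the 6.5.1 fix version. The embedded `SAMPLE_MODULE_PHP` is a constructed stand-in for a real module file.

```python
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

# First version that carries the fix, per the vendor advisory.
PATCHED_VERSION: Tuple[int, ...] = (6, 5, 1)

# Assumption: like most PrestaShop modules, the module's constructor assigns
# its version as  $this->version = '6.5.0';  (single or double quotes).
VERSION_RE = re.compile(r"""\$this->version\s*=\s*['"]([0-9][0-9A-Za-z.\-]*)['"]""")

# Constructed sample of what such a module file looks like (not the vendor's code).
SAMPLE_MODULE_PHP = """<?php
class SimpleImportProduct extends Module
{
    public function __construct()
    {
        $this->name = 'simpleimportproduct';
        $this->version = '6.5.0';
        parent::__construct();
    }
}
"""


def extract_version(source: str) -> Optional[str]:
    """Return the version string declared in the module source, or None."""
    match = VERSION_RE.search(source)
    return match.group(1) if match else None


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.5.1' into (6, 5, 1) so tuples compare numerically.

    A non-numeric suffix such as '-beta' is ignored; '6.5.10' correctly
    sorts above '6.5.1', which a plain string comparison would get wrong.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"(\d+)", piece)
        if not digits:
            break
        parts.append(int(digits.group(1)))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the declared version predates the 6.5.1 fix."""
    return parse_version(version) < PATCHED_VERSION


def assess(source: str) -> str:
    """Classify module source as 'vulnerable', 'patched' or 'unknown'."""
    version = extract_version(source)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


def assess_file(path: Path) -> str:
    """Assess an on-disk module file; a missing file is reported as 'unknown'."""
    if not path.is_file():
        return "unknown"
    return assess(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    # Usage: python check_simpleimportproduct.py [/path/to/simpleimportproduct.php]
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(
        "/modules/simpleimportproduct/simpleimportproduct.php"
    )
    print(f"{target}: {assess_file(target)}")
```

The numeric tuple comparison matters more than it looks: a string comparison would rank '6.5.10' below '6.5.1' and flag a patched module as vulnerable. An 'unknown' result (file absent or no version assignment found) should be treated as unverified rather than safe, and confirmed in the Module Manager as described above.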
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed import attempts
- Unexpected privilege changes in user tables
Network Indicators:
- Unusual POST requests to import endpoints
- SQL error messages in HTTP responses
SIEM Query:
source="web_logs" AND (uri="/admin*import*" OR uri="*simpleimportproduct*") AND (status=500 OR message="*SQL*" OR message="*syntax*")
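The SIEM query above is easy to test outside the SIEM. The following is an added example, not part of this advisory: it applies the same logic (web-log source, a URI under an admin import path or mentioning simpleimportproduct, and either an HTTP 500 or an SQL/syntax error in the response message) to a handful of constructed web-log events. Wildcards are matched case-insensitively, which is how most SIEM search languages treat `*` patterns; the admin path `/admin-dev` and the sample URIs are invented for the example, not taken from the module.

```python
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple

# Wildcard clauses lifted from the SIEM query; compared in lower case.
URI_PATTERNS = ("/admin*import*", "*simpleimportproduct*")
MESSAGE_PATTERNS = ("*sql*", "*syntax*")

# Constructed web-log events (a SIEM would normally produce these from access
# and application logs). None of these URIs come from the real module.
SAMPLE_EVENTS: List[Dict] = [
    # 0: routine, successful use of the import screen - should not match
    {"source": "web_logs", "uri": "/admin-dev/index.php?module=simpleimportproduct&action=import",
     "status": 200, "message": ""},
    # 1: an SQL error leaking into a response from the module's path
    {"source": "web_logs", "uri": "/modules/simpleimportproduct/ajax.php",
     "status": 200, "message": "You have an error in your SQL syntax"},
    # 2: a server error on the import endpoint
    {"source": "web_logs", "uri": "/admin-dev/index.php?module=simpleimportproduct&action=import",
     "status": 500, "message": ""},
    # 3: SQL error on an unrelated front-office page - outside this query's scope
    {"source": "web_logs", "uri": "/index.php?controller=product&id_product=7",
     "status": 500, "message": "SQL error"},
    # 4: right URI but wrong log source - the query is scoped to web_logs
    {"source": "auth_logs", "uri": "/modules/simpleimportproduct/ajax.php",
     "status": 500, "message": ""},
]


def _any_match(value: str, patterns) -> bool:
    value = value.lower()
    return any(fnmatchcase(value, p.lower()) for p in patterns)


def match_reason(event: Dict) -> str:
    """Return why the event matches the SIEM query, or '' if it does not."""
    if event.get("source") != "web_logs":
        return ""
    if not _any_match(event.get("uri", ""), URI_PATTERNS):
        return ""
    if event.get("status") == 500:
        return "http_500_on_import_endpoint"
    if _any_match(event.get("message", ""), MESSAGE_PATTERNS):
        return "sql_error_in_response"
    return ""


def triage(events: List[Dict]) -> List[Tuple[int, str]]:
    """Return (index, reason) for every event the query would surface."""
    hits = []
    for index, event in enumerate(events):
        reason = match_reason(event)
        if reason:
            hits.append((index, reason))
    return hits


if __name__ == "__main__":
    for index, reason in triage(SAMPLE_EVENTS):
        print(f"event {index}: {reason} -> {SAMPLE_EVENTS[index]['uri']}")
```

Event 2 shows the query's main source of noise: any HTTP 500 on the import endpoint matches, including one caused by a malformed CSV upload. Correlate those hits with the other indicators listed above (repeated failed imports from one account, unexpected changes in user tables) before escalating, and treat an SQL error string in a response (event 1) as the higher-confidence signal.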