CVE-2024-28390
📋 TL;DR
An improper access control issue in the ultimateimagetool module (Ultimate Image Tool, by Advancedplugins) for PrestaShop lets a remote attacker reach functionality that should require authorization, without first authenticating to the shop. Depending on what that functionality exposes, this can lead to disclosure of sensitive data and escalation to administrative privileges. Any PrestaShop installation running a module version below 2.2.01 is affected.
💻 Affected Systems
- PrestaShop ultimateimagetool module
📦 What is this software?
Ultimate Image Tool (module directory name: ultimateimagetool), a third-party PrestaShop module published by Advancedplugins. It is not part of PrestaShop core, so it is not fixed by a core update; the module itself must be updated.
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the shop: administrative access to the back office, theft of customer and order data, and a foothold for ransomware or payment-skimming code on the storefront.
Likely Case
Unauthenticated access to data the module exposes, escalation to a back-office administrator account, and installation of a backdoor (for example a rogue module or a PHP file dropped into the webroot) for persistence.
If Mitigated
If the module is disabled or removed, or its URL path is blocked at the WAF or web server, the exposed functionality is unreachable. Network segmentation and a restricted back-office interface do not stop the bypass itself (it needs no credentials) but limit what an attacker can do after it.
🎯 Exploit Status
CVSS v3 base score 9.8 (Critical): reachable over the network, low attack complexity, no privileges and no user interaction required. No information about public exploit code or in-the-wild exploitation is given here; treat an unauthenticated, low-complexity issue in a public web module as likely to be exploited once details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.01
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the ultimateimagetool module.
4. Update it to version 2.2.01 or later.
5. Clear the PrestaShop cache (Advanced Parameters > Performance > Clear cache).
🔧 Temporary Workarounds
Disable the vulnerable module
Temporarily disable ultimateimagetool until the update can be applied: PrestaShop admin > Modules > Module Manager > ultimateimagetool > Disable.
Caveat: disabling stops PrestaShop from loading the module's hooks, but its files stay on disk under modules/ultimateimagetool/, and standalone PHP files there may still be reachable by direct URL. Combine this with the path block below, or remove the module (see "If You Can't Patch").
Restrict access to the module path
Use a web application firewall or web-server rule to block requests to the module's endpoints.
Add a WAF rule that blocks requests whose URL contains '/modules/ultimateimagetool/'. If the module remains enabled, blocking the whole directory also blocks its storefront assets (images, CSS, JS), so test the shop after adding the rule; at a minimum, block requests for .php files under that path.
🧯 If You Can't Patch
- Remove the ultimateimagetool module completely: uninstall it in Module Manager and delete the modules/ultimateimagetool directory so that none of its PHP files remain reachable from the web
- Implement strict network segmentation and limit external access to the PrestaShop admin interface (IP allow-listing or a VPN), which constrains what an attacker can do after a bypass
🔍 How to Verify
Check if Vulnerable:
In the PrestaShop admin panel go to Modules > Module Manager, search for ultimateimagetool and read the installed version. Any version below 2.2.01 is vulnerable.
Check Version:
From the database (adjust the ps_ table prefix if your installation uses a different one): SELECT name, version, active FROM ps_module WHERE name = 'ultimateimagetool'; Compare the version segment by segment as numbers, not as a string, so that a hypothetical 2.10.x is not mistaken for something older than 2.2.01.
Verify Fix Applied:
Confirm that the ultimateimagetool module version shown in Module Manager is 2.2.01 or higher, and that the value in ps_module.version agrees with it.
📡 Detection & Monitoring
Log Indicators:
- Requests to /modules/ultimateimagetool/ endpoints (other than static assets such as images, CSS and JS) from clients that never loaded a storefront page, or repeated requests to the same endpoint with varying parameters
- Back-office sessions or new employee accounts that no corresponding admin login event explains
Network Indicators:
- HTTP requests to /modules/ultimateimagetool/ with query strings or POST bodies, server errors (5xx) on that path, or scripted user agents hitting it
- Traffic spikes to the PrestaShop admin path, particularly from addresses not normally used by staff
SIEM Query:
source="prestashop" AND url="/modules/ultimateimagetool/*" AND NOT (url="*.css" OR url="*.js" OR url="*.png" OR url="*.jpg" OR url="*.gif" OR url="*.svg")
(The user agent carries no useful signal for this issue; filter on the request path and exclude the module's static assets so storefront page loads do not flood the result.)
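The indicators above amount to a small rule set over the web server's access log: keep hits inside the module directory, drop plain fetches of static assets, and group the rest per client. The script below is an added example, not code from the page or the module; it runs over a constructed sample log in Apache/nginx "combined" format. The client addresses are documentation ranges, and "ajax.php" under the module path is a placeholder file name, not a known endpoint of the real module.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined format). Not real traffic; the
# "ajax.php" file name is a placeholder for whatever dynamic endpoint the
# module exposes in your installation.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php?id_product=12&controller=product HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /modules/ultimateimagetool/views/img/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:02:11 +0000] "GET /modules/ultimateimagetool/ajax.php?action=get&id=1 HTTP/1.1" 200 44 "-" "python-requests/2.31"
198.51.100.4 - - [12/Mar/2024:10:02:12 +0000] "GET /modules/ultimateimagetool/ajax.php?action=get&id=999999 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.4 - - [12/Mar/2024:10:02:13 +0000] "POST /modules/ultimateimagetool/ajax.php HTTP/1.1" 200 44 "-" "python-requests/2.31"
192.0.2.9 - - [12/Mar/2024:10:03:00 +0000] "GET /admin-dev/index.php?controller=AdminDashboard HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

MODULE_PREFIX = "/modules/ultimateimagetool/"
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css", ".js", ".woff", ".woff2")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    rec["status"] = int(rec["status"])
    return rec


def is_suspicious(rec):
    """A hit inside the module directory that is not a plain static-asset fetch."""
    if not rec["path"].startswith(MODULE_PREFIX):
        return False
    plain_asset = (rec["method"] == "GET" and not rec["query"]
                   and rec["path"].lower().endswith(STATIC_EXT))
    return not plain_asset   # storefront pages legitimately pull the module's images/scripts


def scan(log_text):
    """Group suspicious module hits by client IP: {ip: [records]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits[rec["ip"]].append(rec)
    return dict(hits)


def summarize(hits, threshold=2):
    """Flag clients with `threshold` or more suspicious hits, or any 5xx on the module path."""
    flagged = {}
    for ip, recs in hits.items():
        errors = sum(1 for r in recs if r["status"] >= 500)
        probes = sum(1 for r in recs if r["method"] != "GET" or r["query"])
        if len(recs) >= threshold or errors:
            flagged[ip] = {
                "requests": len(recs),
                "probes": probes,            # parameterised or non-GET requests
                "server_errors": errors,     # 5xx often means malformed input reached module code
                "first_seen": recs[0]["ts"],
                "user_agents": sorted({r["ua"] for r in recs}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in summarize(scan(SAMPLE_LOG)).items():
        print(f"{ip}: {info['requests']} hits, {info['probes']} probes, "
              f"{info['server_errors']} server errors, first seen {info['first_seen']}, "
              f"UA {', '.join(info['user_agents'])}")
```

On the sample, the only flagged client is 198.51.100.4: three parameterised or POST requests to the module path, one of them answered with a 500, from a scripting user agent and with no prior storefront page load. Feed a real access log to scan() and tune `threshold` to the shop's normal traffic; the static-asset exclusion is what keeps ordinary customers out of the result.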