CVE-2024-28396
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running MyPrestaModules ordersexport version 6.0.2 and earlier. Attackers can exploit the download.php component to achieve remote code execution. This affects PrestaShop websites using the vulnerable ordersexport module.
💻 Affected Systems
- MyPrestaModules ordersexport
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.
Likely Case
Website defacement, data theft, or installation of backdoors for persistent access.
If Mitigated
Limited impact with proper web application firewalls and restricted file permissions.
🎯 Exploit Status
Based on CWE-94 (Code Injection) and remote execution capability, exploitation is straightforward for attackers with web access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.0.3 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html
Restart Required: No
Instructions:
1. Log into the PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'ordersexport' module.
4. Update to version 6.0.3 or later from the PrestaShop Addons marketplace.
5. Clear the cache if necessary.
🔧 Temporary Workarounds
Disable download.php access
Block access to the vulnerable download.php file via web server configuration.
# For Apache: add to .htaccess (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" inside <Files>).
# Placed in the web root this blocks every file named download.php; put it in modules/ordersexport/ to limit it to this module.
<Files "download.php">
Order Allow,Deny
Deny from all
</Files>
# For Nginx: add to server block. The regex below matches any download.php on the site;
# use "location = /modules/ordersexport/download.php" to limit the block to this module.
location ~ /download\.php$ {
deny all;
return 403;
}
Remove vulnerable module
Temporarily uninstall the ordersexport module until patched.
# Via PrestaShop admin: Modules > Module Manager > ordersexport > Uninstall
🧯 If You Can't Patch
- Implement strict web application firewall rules to block suspicious requests to download.php.
- Restrict network access to the PrestaShop instance to trusted IP addresses only.
🔍 How to Verify
Check if Vulnerable:
Check the module version in the PrestaShop admin panel under Modules > Module Manager > ordersexport. If the version is 6.0.2 or earlier, you are vulnerable.
Check Version:
# Check via the PrestaShop database (ps_ is the default table prefix; adjust it if your installation uses a different one):
SELECT version FROM ps_module WHERE name = 'ordersexport';
Verify Fix Applied:
Confirm module version shows 6.0.3 or later in the admin panel after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST/GET requests to download.php with suspicious parameters
- Unexpected file writes or command execution in web server logs
Network Indicators:
- HTTP requests to /modules/ordersexport/download.php with unusual parameters
- Outbound connections from web server to unknown IPs
SIEM Query:
web.url = "*download.php*" AND (web.query contains "cmd" OR web.query contains "system" OR web.query contains "exec")
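The log indicators and SIEM query above, turned into a script a defender can run over a web server access log. This is an added example, not code from the advisory or the module; the log lines are constructed, and the Combined Log Format, the /modules/ordersexport/download.php path and the cmd/system/exec terms are the only assumptions it makes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Combined Log Format (Apache/Nginx default); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Mar/2024:10:01:02 +0000] "GET /modules/ordersexport/download.php?file=orders_2024.csv HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Mar/2024:10:02:15 +0000] "GET /modules/ordersexport/download.php?cmd=id HTTP/1.1" 200 43 "-" "curl/8.4.0"
198.51.100.7 - - [14/Mar/2024:10:02:16 +0000] "POST /modules/ordersexport/download.php?x=system HTTP/1.1" 500 0 "-" "python-requests/2.31"
192.0.2.9 - - [14/Mar/2024:10:03:00 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

# Fields we need from each log line: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PATH = "/modules/ordersexport/download.php"   # path named in the network indicators
SUSPICIOUS = ("cmd", "system", "exec")              # terms the SIEM query above keys on


def suspicious_requests(log_text):
    """Return requests to the vulnerable endpoint whose query string contains a suspicious term.

    Matching is substring-based, like the SIEM query's "contains", so a benign parameter such
    as a filename containing "exec" will also be flagged; treat hits as leads to triage, not proof.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not in the expected format
        parts = urlsplit(m["target"])
        if parts.path != VULN_PATH:
            continue                      # only the ordersexport download endpoint is of interest
        query = parts.query.lower()
        matched = [term for term in SUSPICIOUS if term in query]
        if matched:
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "status": int(m["status"]), "query": parts.query, "matched": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} ?{hit["query"]} -> {hit["status"]} matched={hit["matched"]}')
```

Run it against a real access log with `suspicious_requests(open(path).read())`; the first sample line (a normal CSV download) is intentionally not flagged.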
🔗 References
- https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html
- https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html