CVE-2024-33836
📋 TL;DR
This vulnerability allows unauthenticated users (guests) to upload PHP files through the JA Marketplace module for PrestaShop. Attackers can exploit this to execute arbitrary code on affected servers, potentially taking full control. All PrestaShop installations using vulnerable versions of the JA Marketplace module are affected.
💻 Affected Systems
- JA Marketplace module for PrestaShop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, malware deployment, and lateral movement within the network.
Likely Case
Webshell installation allowing persistent access, data exfiltration, and further exploitation of the e-commerce platform.
If Mitigated
If proper file upload restrictions and web application firewalls are in place, exploitation attempts would be blocked, limiting impact to failed attacks.
🎯 Exploit Status
Exploitation requires only web access and knowledge of vulnerable endpoints; no authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 9.0.2 or later
Vendor Advisory: https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-jamarketplace.md
Restart Required: No
Instructions:
1. Update the JA Marketplace module to version 9.0.2 or later.
2. Remove any previously uploaded suspicious PHP files.
3. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Restrict PHP file uploads via .htaccess (Linux)
Block PHP file uploads at the web server level.
Add to the .htaccess in the module's upload directory (not the site root, where this rule would also block index.php):
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
Disable vulnerable module (all platforms)
Temporarily disable the JA Marketplace module until patched:
Access PrestaShop admin panel > Modules > Module Manager > Disable JA Marketplace
🧯 If You Can't Patch
- Implement strict file upload validation at application level to reject PHP extensions
- Deploy web application firewall with file upload protection rules
🔍 How to Verify
Check if Vulnerable:
Check JA Marketplace module version in PrestaShop admin panel under Modules > Module Manager
Check Version:
No CLI command; check via PrestaShop admin interface
Verify Fix Applied:
Confirm module version is 9.0.2 or later and test file upload functionality with PHP files
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with .php extension
- Access to uploaded PHP files in unexpected locations
- Increased POST requests to marketplace upload endpoints
Network Indicators:
- POST requests to /module/jamarketplace/upload endpoints with PHP file content
- Subsequent requests to uploaded PHP files
SIEM Query:
source="web_logs" AND (uri="/module/jamarketplace/*" AND method="POST" AND file_extension="php")
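The indicators above (upload POSTs to the marketplace endpoint, then requests to PHP files where none should be served) can be checked offline against web server access logs. The script below is an added example, not part of the advisory or the module; it assumes combined log format, takes the upload endpoint prefix from this page, and assumes that /index.php is the only PHP file a PrestaShop front office normally serves, so any other .php hit is treated as suspect. The log lines are constructed.

```python
import re
from datetime import datetime

# Combined log format (Apache/Nginx), as assumed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_PREFIX = "/module/jamarketplace/upload"  # endpoint named in the advisory
KNOWN_PHP = {"/index.php"}  # assumption: the only PHP file the shop should serve directly

# Constructed sample: one IP uploads, then fetches a new .php file (200);
# another IP browses normally and hits a missing .php file (404).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jun/2024:10:01:02 +0000] "POST /module/jamarketplace/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Jun/2024:10:01:09 +0000] "GET /modules/jamarketplace/uploads/a1b2c3.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jun/2024:10:02:00 +0000] "GET /index.php?controller=product&id_product=3 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jun/2024:10:02:30 +0000] "GET /modules/jamarketplace/uploads/old.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""


def parse(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def analyze(lines):
    """Return (severity, ip, message) alerts.

    An upload POST is medium on its own; a successful request to a non-standard
    .php file from the same IP after its upload is high (the page's
    'subsequent requests to uploaded PHP files' indicator); otherwise low.
    """
    uploads = {}  # ip -> timestamp of first upload POST seen
    alerts = []
    for rec in filter(None, map(parse, lines)):
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and path.startswith(UPLOAD_PREFIX):
            uploads.setdefault(ip, rec["ts"])
            alerts.append(("medium", ip, "upload POST to " + path))
        elif path.endswith(".php") and path not in KNOWN_PHP:
            after_upload = ip in uploads and rec["ts"] >= uploads[ip]
            sev = "high" if after_upload and rec["status"] == "200" else "low"
            alerts.append((sev, ip, "request to non-standard PHP file " + path))
    return alerts


if __name__ == "__main__":
    for sev, ip, msg in analyze(SAMPLE_LOG.splitlines()):
        print(f"[{sev}] {ip}: {msg}")
```

On a real server, feed the access log line by line instead of SAMPLE_LOG and extend KNOWN_PHP with any admin entry points your installation legitimately serves.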