CVE-2024-41651

8.1 HIGH

📋 TL;DR

This vulnerability in PrestaShop allows remote code execution via the module upgrade functionality. It affects PrestaShop 8.1.7 and earlier. Exploitation requires the attacker to hijack network requests made by an admin user who already holds module install/upgrade privileges, i.e. an account that can legitimately place code on the shop.

💻 Affected Systems

Products:
  • PrestaShop
Versions: 8.1.7 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires admin user interaction and network request hijacking capability.

📦 What is this software?

PrestaShop is an open-source e-commerce platform written in PHP. Merchants extend it with modules that are installed and upgraded from the back-office admin panel; that module upgrade path is the code path this CVE concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise with arbitrary code execution, data theft, and complete system control.

🟠 Likely Case: Code execution within the PrestaShop (web server) context, potentially leading to data manipulation or privilege escalation.

🟢 If Mitigated: Risk substantially reduced if the admin panel is reachable only from trusted networks and admin sessions cannot be intercepted; an attacker who can still tamper with an administrator's module upgrade request retains the ability to execute code.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering or network position to intercept admin requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.8 or later

Vendor Advisory: https://github.com/PrestaShop/PrestaShop/security/advisories

Restart Required: No

Instructions:

1. Back up your PrestaShop installation and database.
2. Update to PrestaShop 8.1.8 or later (via the 1-Click Upgrade module in the admin panel, or a manual upgrade).
3. Verify that the update completed successfully and that the admin dashboard reports 8.1.8 or later.

🔧 Temporary Workarounds

Restrict Admin Access (all platforms)

Limit admin panel access to trusted networks only: configure firewall or web-server rules so that the (renamed) admin directory is reachable only from administrator IP ranges.

Restrict Module Upgrades (all platforms)

Temporarily stop module upgrades from being triggered: in Advanced Parameters > Team > Permissions, remove the Modules permissions from every employee profile that does not strictly need them, so only a minimal set of accounts can reach the module upgrade functionality until the patch is applied.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate admin interfaces
  • Enforce HTTPS (with HSTS) for the admin panel so that admin requests cannot be intercepted or modified in transit; the attack depends on hijacking an administrator's requests

🔍 How to Verify

Check if Vulnerable:

Compare the installed PrestaShop version against 8.1.8; any installation reporting 8.1.7 or earlier is affected.

Check Version:

Read the version in the admin panel (dashboard footer), or on disk from the VERSION constant in app/AppKernel.php (PrestaShop 1.7 and 8). Note that app/config/parameters.php holds database parameters, not the version.

Verify Fix Applied:

Confirm the version is 8.1.8 or later and that module upgrades still work from the admin panel.
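The version check above, as an added example (not part of the original page or of PrestaShop's own tooling). It reads the version string the way PrestaShop records it (the VERSION constant in app/AppKernel.php for 1.7/8, the _PS_VERSION_ define in config/settings.inc.php for 1.6), compares it numerically so that 8.1.10 is correctly treated as newer than 8.1.8, and treats a pre-release such as 8.1.8-rc1 as not yet fixed. The file snippets below are constructed samples; point the script at a real AppKernel.php to check an installation.

```python
import re
import sys
from typing import Optional, Tuple

FIXED_VERSION = "8.1.8"  # from the advisory: 8.1.7 and earlier are affected

# Constructed sample file contents (not real shop files), shaped like the
# places where PrestaShop records its version.
SAMPLE_APPKERNEL = """<?php
class AppKernel extends Kernel
{
    const VERSION = '8.1.7';
    const MAJOR_VERSION_STRING = '8';
"""
SAMPLE_SETTINGS_16 = "define('_PS_VERSION_', '1.6.1.24');\n"

VERSION_PATTERNS = [
    # PrestaShop 1.7 / 8: app/AppKernel.php
    re.compile(r"const\s+VERSION\s*=\s*['\"]([0-9][0-9.]*(?:-[0-9A-Za-z.]+)?)['\"]"),
    # PrestaShop 1.6: config/settings.inc.php
    re.compile(r"define\(\s*['\"]_PS_VERSION_['\"]\s*,\s*['\"]([0-9][0-9.]*(?:-[0-9A-Za-z.]+)?)['\"]\s*\)"),
]


def parse_version(text: str) -> Optional[str]:
    """Return the version string found in a PrestaShop source file, or None."""
    for pat in VERSION_PATTERNS:
        m = pat.search(text)
        if m:
            return m.group(1)
    return None


def version_tuple(version: str) -> Tuple[int, ...]:
    """Numeric tuple for comparison; a '-rc1' style suffix sorts below the final."""
    base, _, suffix = version.partition("-")
    nums = tuple(int(p) for p in base.split("."))
    return nums + ((0,) if suffix else (1,))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release."""
    return version_tuple(version) < version_tuple(fixed)


def check_file(text: str) -> dict:
    """Summarise one file: version found (or None) and whether it is affected."""
    version = parse_version(text)
    if version is None:
        return {"version": None, "vulnerable": None}
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Usage: python check_ps_version.py /var/www/prestashop/app/AppKernel.php
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(check_file(fh.read()))
    else:
        print(check_file(SAMPLE_APPKERNEL))
```

A result of `vulnerable: None` means neither pattern matched; check the dashboard footer instead rather than assuming the installation is patched.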

📡 Detection & Monitoring

Log Indicators:

  • Unusual module upgrade attempts
  • Suspicious admin panel activity patterns

Network Indicators:

  • Unexpected outbound connections during module updates
  • Unusual traffic to module repositories

SIEM Query:

source="prestashop" AND (event="module_upgrade" OR event="admin_action") AND status="success"
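The log indicators above, turned into a concrete check as an added example (not part of the original page and not a PrestaShop or SIEM vendor rule). It scans web-server access logs for module upgrade POSTs to the admin panel and flags those that come from outside the administrator network, carry no Referer (i.e. were not driven from the module manager page), or use a non-browser User-Agent. The log lines are constructed; the admin directory `/admin-dev`, the upgrade route shape `/modules/.../upgrade/<module>` and the allowed network `10.0.0.0/8` are assumptions to adjust for your installation (PrestaShop renames the admin directory at install time).

```python
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Assumptions: renamed admin directory and the network admins work from.
ADMIN_PATH = "/admin-dev"
ALLOWED_ADMIN_NETS = [ip_network("10.0.0.0/8")]

# Constructed Apache combined-format lines (not from a real shop).
SAMPLE_LOG = """
10.0.1.15 - - [12/Aug/2024:09:14:03 +0000] "GET /admin-dev/modules/manage HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.1.15 - - [12/Aug/2024:09:14:21 +0000] "POST /admin-dev/modules/manage/action/upgrade/ps_checkout HTTP/1.1" 200 412 "https://shop.example/admin-dev/modules/manage" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2024:02:41:58 +0000] "POST /admin-dev/modules/manage/action/upgrade/ps_checkout HTTP/1.1" 200 412 "-" "python-requests/2.31"
198.51.100.23 - - [12/Aug/2024:02:42:10 +0000] "POST /admin-dev/modules/manage/action/upgrade/blockwishlist HTTP/1.1" 302 0 "-" "curl/8.4.0"
10.0.1.15 - - [12/Aug/2024:09:20:00 +0000] "GET /index.php?id_product=3&controller=product HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_module_upgrade(method: str, path: str, admin_path: str = ADMIN_PATH) -> bool:
    """Assumed shape of a module upgrade request in the PrestaShop 8 back office."""
    return method == "POST" and path.startswith(admin_path + "/modules/") and "/upgrade" in path


def findings(log_text: str, allowed=ALLOWED_ADMIN_NETS) -> List[Dict]:
    """Return module upgrade requests that look suspicious, with the reasons."""
    out: List[Dict] = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        rec = m.groupdict()
        if not is_module_upgrade(rec["method"], rec["path"]):
            continue
        reasons = []
        if not any(ip_address(rec["ip"]) in net for net in allowed):
            reasons.append("source outside admin network")
        if rec["referer"] == "-":
            reasons.append("no Referer (not driven from the module manager page)")
        if not rec["ua"].startswith("Mozilla/"):
            reasons.append("non-browser User-Agent")
        if reasons:
            out.append({"ip": rec["ip"], "time": rec["ts"], "path": rec["path"], "reasons": reasons})
    return out


if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["path"]}: {", ".join(hit["reasons"])}')
```

A legitimate upgrade from an administrator's browser inside the allowed network produces no finding; the two off-hours POSTs from external addresses with scripted User-Agents are the "unusual module upgrade attempts" worth paging on. Correlate hits with the PrestaShop employee session (admin login logs) to tell a hijacked admin request from a stolen session.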
