A code injection vulnerability has been discovered in the Cdesigner module for the PrestaShop e-commerce platform, specifically in the CdesignerSaverotateModuleFrontController::initContent() function. This vulnerability allows an attacker to execute arbitrary code within the context of the application.
To understand the vulnerability, let's look at the relevant code snippet from the affected module:
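    public function initContent() {
        // All three values come straight from the HTTP request.
        $id_product = Tools::getValue('id_product');
        $rotate = Tools::getValue('rotate');
        $layer = Tools::getValue('layer');
        if ((int)$id_product > 0) {
            ...
            if ($rotate && $layer) {
                ...
                // $rotate and $layer are only checked for truthiness, not for type or format.
                $vals = array($rotate, $layer);
                ...
                // The unvalidated values are handed on to insert_rotate_data().
                call_user_func_array(array($this, 'insert_rotate_data'), $vals);
            }
            ...
        }
    }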
The vulnerable code is in the initContent() function of the CdesignerSaverotateModuleFrontController class. As shown in the code snippet, the variables id_product, rotate, and layer are read from user-supplied input without proper validation or sanitization.
This can potentially allow an attacker to inject arbitrary code into the $rotate and $layer variables, and have this code executed within the context of the application when "call_user_func_array" is executed.
Exploit Details
To exploit this vulnerability, an attacker can send a specially crafted HTTP request with malicious code to the affected PrestaShop installation:
    POST /index.php?fc=module&module=cdesignersaverotate&controller=cdesignersaverotate&id_product={ProductId}&rotate=1;}maliciousCode();{//&layer=1 HTTP/1.1
    Host: target-site
    Content-Type: application/x-www-form-urlencoded
    Content-Length:
Mitigation
The developers behind the PrestaShop Cdesigner module are currently working on a patch to address this vulnerability. In the meantime, PrestaShop users should take the following steps to mitigate the potential exploit:
- Implement strict input validation and sanitization for user-supplied data in the affected function.
- Regularly check the official PrestaShop and Cdesigner module websites for any security updates and patches.
It is essential to perform these actions to protect your e-commerce platform from potential security threats and to maintain the trust of your customers.
Stay tuned for the release of the official patch to resolve this vulnerability.
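One way to implement the strict input validation recommended above, as an added example that is not the module's code or the vendor's patch. The function name cdesigner_validate_rotate_request() is hypothetical, and the accepted ranges (rotate as an angle between -360 and 360 degrees, layer as an integer from 0 to 1000) are assumptions about what the designer legitimately sends.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not the module's code. Returns typed values when all three
 * parameters pass an allow-list check, or null when the request must be rejected.
 * The numeric ranges are assumptions; adjust them to what the designer really sends.
 */
function cdesigner_validate_rotate_request(array $params): ?array
{
    // Each parameter must be present as a plain string (rejects rotate[]=... arrays).
    foreach (['id_product', 'rotate', 'layer'] as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return null;
        }
    }

    $idProduct = filter_var($params['id_product'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $layer = filter_var($params['layer'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000]]);
    if ($idProduct === false || $layer === false) {
        return null;
    }

    // rotate: an angle in degrees, optional sign, at most two decimals.
    if (preg_match('/\A-?\d{1,3}(?:\.\d{1,2})?\z/', $params['rotate']) !== 1) {
        return null;
    }
    $rotate = (float) $params['rotate'];
    if ($rotate < -360.0 || $rotate > 360.0) {
        return null;
    }

    return ['id_product' => $idProduct, 'rotate' => $rotate, 'layer' => $layer];
}

// Constructed requests: a well-formed one, and the rotate value from the request shown earlier.
$requests = [
    ['id_product' => '12', 'rotate' => '90', 'layer' => '1'],
    ['id_product' => '12', 'rotate' => '1;}maliciousCode();{//', 'layer' => '1'],
];
foreach ($requests as $request) {
    $clean = cdesigner_validate_rotate_request($request);
    echo $clean === null ? "rejected\n" : 'accepted: ' . json_encode($clean) . "\n";
}
```

In the controller, the check would run before $vals is built, with only the typed values from the returned array passed on and an HTTP 400 response sent when it returns null.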
Timeline
Published on: 04/07/2023 21:15:00 UTC
Last modified on: 04/13/2023 18:38:00 UTC