CVE-2023-40921

Vulnerability

An SQL injection vulnerability exists in the functions/point_list.php file of the soliberte module for PrestaShop, affecting versions >= 4.0.0 and < 4.3.03 [1]. The lat and lng parameters are not properly sanitized before being used in a SQL query, allowing an attacker to inject arbitrary SQL commands. The vulnerable code path is reachable via a simple HTTP GET or POST request without any authentication or user interaction [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint with malicious SQL payloads in the lat or lng parameters. No authentication or prior access is required, and the attack complexity is low [1]. The injection occurs in a SQL call that calculates distances based on latitude and longitude, but the unsanitized input allows the attacker to manipulate the query structure [1].

Impact

Successful exploitation can lead to full compromise of the affected PrestaShop instance. The attacker can extract sensitive data (including technical and personal information), obtain administrative access, delete all data, or display sensitive database tables to the front-end [1]. The CVSS v3.1 base score is 9.8 (Critical) with impacts on confidentiality, integrity, and availability all rated as high [1].

Mitigation

The vulnerability is fixed in version 4.3.03 of the soliberte module, released on 2023-12-12 [1]. Users should upgrade to this version immediately. The fix involves casting the lat and lng parameters to float before using them in the SQL query, as shown in the patch diff [1]. No workarounds are documented; upgrading is the recommended action.