CVE-2023-27034
Published: 2023-03-23
CVE-2023-27034: PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
Priority: P186 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 58.74% (99.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joommasters | jms_blog | — | — |
| joommasters | jms_blog | — | — |
Detection & IOCs
url: `/module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1`
command: `0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z`
- Detect exploitation attempts by monitoring POST requests to the jmsblog submitComment endpoint with a time-based SQL injection payload in the `email` form field (sleep-based; a duration of >= 6 seconds indicates successful injection).
- The attack uses a multipart/form-data POST with the SQL injection payload placed specifically in the `email` field of the comment submission form, not in the URL query string.
- Requests include the custom header `X-Requested-With: XMLHttpRequest`, which can be used as an additional filter when hunting for exploitation attempts in web logs.
- The initial reconnaissance step checks for the string 'jmsblog' in the HTTP response body of the target homepage before launching the injection; correlate a GET / followed by a POST to the jmsblog endpoint from the same source IP.
- The vulnerability is a time-based SQL injection; a response duration of 6 or more seconds from the submitComment endpoint is a strong indicator of active exploitation.
- The vulnerable module (jmsblog) version is 2.5.5; only PrestaShop installations with this specific module version are affected. Verify module presence before treating detections as true positives.
- The Nuclei template uses a 20-second timeout for the injection request; detection rules based on response time should account for network latency and set thresholds accordingly (the payload sleeps for 6 seconds).
- The module is primarily distributed bundled with Joommasters PrestaShop themes, meaning affected shops may not have explicitly installed the module independently; widen the scope of asset inventory checks.
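The hunting hints above, applied to web access logs, as an added example that is not part of this page or of any vendor rule. The `email` field travels in the POST body, which access logs normally do not record, so the script keys on the endpoint, the server-side response time, the `X-Requested-With` header and the GET / then POST sequence. Assumptions: an nginx log format extended with `$msec`, `$request_time` and `$http_x_requested_with`, a 300-second correlation window, and constructed sample lines; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed nginx log_format (not from the page):
#   $remote_addr [$msec] "$request" $status $request_time "$http_x_requested_with"
LINE = re.compile(r'(?P<ip>\S+) \[(?P<ts>[\d.]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
                  r'(?P<status>\d{3}) (?P<rt>[\d.]+) "(?P<xrw>[^"]*)"')
SLEEP_SECONDS = 6.0    # sleep duration of the payload quoted on the page
RECON_WINDOW = 300.0   # assumed: max seconds between GET / and the POST

def is_submit_comment(uri):
    """True when the URI addresses the jmsblog submitComment action."""
    parts = urlsplit(uri)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    to_module = "/module/jmsblog/" in parts.path or query.get("module") == "jmsblog"
    return to_module and query.get("action") == "submitComment"

def hunt(lines):
    """Return one finding per POST to submitComment, listing the signals seen."""
    last_home = {}     # source IP -> time of its latest GET /
    findings = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue   # line is in some other format
        ip, ts, rt = m["ip"], float(m["ts"]), float(m["rt"])
        if m["method"] == "GET" and urlsplit(m["uri"]).path == "/":
            last_home[ip] = ts
        elif m["method"] == "POST" and is_submit_comment(m["uri"]):
            signals = []
            if rt >= SLEEP_SECONDS:    # duration as measured at the server
                signals.append("slow_response")
            if m["xrw"] == "XMLHttpRequest":
                signals.append("xhr_header")
            if 0 <= ts - last_home.get(ip, float("-inf")) <= RECON_WINDOW:
                signals.append("recon_then_post")
            findings.append({"ip": ip, "request_time": rt, "signals": signals,
                             "likely_exploit": "slow_response" in signals})
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
URL = ("/module/jmsblog/index.php?action=submitComment&controller=post"
       "&fc=module&module=jmsblog&post_id=1")
SAMPLE = [
    '203.0.113.7 [1719050000.100] "GET / HTTP/1.1" 200 0.084 "-"',
    f'203.0.113.7 [1719050007.900] "POST {URL} HTTP/1.1" 200 6.212 "XMLHttpRequest"',
    f'198.51.100.23 [1719050100.000] "POST {URL} HTTP/1.1" 200 0.310 "XMLHttpRequest"',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE):
        print(finding)
```

A fast POST with only the header signal is ordinary comment traffic from the module's own form; treat `slow_response` as the discriminating signal and confirm the module is installed before escalating.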
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-7jr7-v6gv-m656: PrestaShop jmsblog 2
ghsa_unreviewed·2023-03-24
CVE-2023-27034 [CRITICAL] CWE-89 GHSA-7jr7-v6gv-m656: PrestaShop jmsblog 2
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
VulnCheck
joommasters jms_blog Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-27034 [CRITICAL] joommasters jms_blog Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
Affected: joommasters jms_blog
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-22&host_type=src&vulnerability=cve-2023-27034; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-28&host_type=src&vulnerability=cve-2023-27034; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-07-02&host_type=src&vulnerability=cve-2023-2703
No detection rules found.
Nuclei
Jms Blog - SQL Injection
nuclei·CVSS 9.8
CVE-2023-27034 [CRITICAL] Jms Blog - SQL Injection
The module Jms Blog (jmsblog) from Joommasters contains a time-based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.
Template:
```yaml
id: CVE-2023-27034

info:
  name: Jms Blog - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    The module Jms Blog (jmsblog) from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and its underlying infrastructure.
  remediation: |
    Upgrade to the latest version to mi
```