CVE-2023-27034
published 2023-03-23

CVE-2023-27034: PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.

Priority: P186 critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 58.74% (99.0th percentile)

Affected

2 ranges
Vendor | Product | Version range | Fixed in
joommasters | jms_blog | |
joommasters | jms_blog | |

Detection & IOCs (extracted from sources)

url: /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1
command: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
  • Detect exploitation attempts by monitoring POST requests to the jmsblog submitComment endpoint with a time-based SQL injection payload in the `email` form field (sleep-based, duration >= 6 seconds indicates successful injection).
  • The attack uses a multipart/form-data POST with the SQL injection payload placed specifically in the `email` field of the comment submission form, not in the URL query string.
  • Requests include the custom header `X-Requested-With: XMLHttpRequest`, which can be used as an additional filter when hunting for exploitation attempts in web logs.
  • Initial reconnaissance step checks for the string 'jmsblog' in the HTTP response body of the target homepage before launching the injection; correlate a GET / followed by a POST to the jmsblog endpoint from the same source IP.
  • The vulnerability is a time-based SQL injection; a response duration of 6 or more seconds from the submitComment endpoint is a strong indicator of active exploitation.
  • The vulnerable module (jmsblog) version is 2.5.5; only PrestaShop installations with this specific module version are affected. Verify module presence before treating detections as true positives.
  • The Nuclei template uses a 20-second timeout for the injection request; detection rules based on response time should account for network latency and set thresholds accordingly (payload sleeps for 6 seconds).
  • The module is primarily distributed bundled with Joommasters PrestaShop themes, meaning affected shops may not have explicitly installed the module independently; widen the scope of asset inventory checks.
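
The hunting logic in the notes above, as an added example that is not taken from this page or its sources: it flags slow POSTs to the submitComment endpoint and records whether the same source IP fetched the homepage first. It assumes an nginx "combined" access log with `$request_time` appended, and the sample lines are constructed. The `email` field and the `X-Requested-With` header are not recorded in such a log, so the check keys on method, endpoint and duration only.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines: nginx "combined" format with $request_time appended
# (an assumed log_format; adjust the regex to your own).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Apr/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 51234 "-" "curl/8.0" 0.112
198.51.100.7 - - [01/Apr/2023:10:00:02 +0000] "POST /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1" 200 310 "-" "curl/8.0" 6.204
203.0.113.20 - - [01/Apr/2023:10:05:10 +0000] "POST /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=4 HTTP/1.1" 200 298 "https://shop.example/blog" "Mozilla/5.0" 0.341
203.0.113.99 - - [01/Apr/2023:10:07:30 +0000] "GET /module/jmsblog/index.php?controller=post&post_id=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0" 7.900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+(?:\.\d+)?)$'
)
SLEEP_SECONDS = 6.0  # the sleep() duration in the payload quoted on this page


def is_submit_comment(method, target):
    """True for a POST to the jmsblog submitComment endpoint."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    return (method == "POST"
            and url.path.endswith("/module/jmsblog/index.php")
            and query.get("action") == ["submitComment"])


def find_suspects(log_text, threshold=SLEEP_SECONDS):
    """Return (ip, request_time, saw_homepage_probe) for slow submitComment POSTs."""
    probed, hits = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, method, target = m["ip"], m["method"], m["target"]
        if method == "GET" and urlsplit(target).path == "/":
            probed.add(ip)  # homepage fetch, possibly the 'jmsblog' string check
        elif is_submit_comment(method, target) and float(m["rt"]) >= threshold:
            hits.append((ip, float(m["rt"]), ip in probed))
    return hits


if __name__ == "__main__":
    for ip, rt, probed in find_suspects(SAMPLE_LOG):
        print(f"{ip} submitComment took {rt:.3f}s, prior GET /: {probed}")
```

Raise `threshold` above the normal latency of the comment endpoint on a loaded shop, and confirm the module is installed before treating a hit as a true positive.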

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | 9.8 | CRITICAL