CVE-2023-27847
published 2023-03-27


Priority: P268
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.71% (90.7th percentile)
SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components.

Affected

1 range

Vendor           Product   Version range   Fixed in
xipblog_project  xipblog   <= 2.0.1

Detection & IOCs (extracted from sources)

url: /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post"+AND+(SELECT+5728+FROM+(SELECT(SLEEP(5)))AuDU)--+lafl
url: /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post"+AND+5484=5484--+xhCs
url: /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post"+AND+5484=5485--+xhCs
url: /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post"+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999)),NULL,NULL--+-
path: /module/xipblog/archive
other: shodan: html:"/xipblog"
  • Time-based blind SQLi: inject SLEEP(5) payload into the `subpage_type` parameter of /module/xipblog/archive and check for response duration >= 5 seconds with HTTP status != 404.
  • Boolean-based blind SQLi confirmation: a true condition (5484=5484) returns body containing `kr_blog_post_area`; a false condition (5484=5485) does not — use this differential to confirm injection.
  • Union-based SQLi: a 26-column UNION SELECT with CONCAT(md5(...)) in column 27 confirms data exfiltration when the md5 hash appears in the response body.
  • Vulnerable endpoint is accessible by anonymous (unauthenticated) users; no authentication is required to exploit the injection in the `subpage_type` GET parameter.
  • Presence of the string `xipblog` in page body (e.g. via Shodan `html:"/xipblog"`) can be used to fingerprint potentially vulnerable PrestaShop instances before probing.
  • Vulnerable components are `xipcategoryclass` and `xippostsclass` within the xipblog PrestaShop module; monitor SQL query logs for anomalous queries originating from these class contexts.
  • The patched version still carries the version number 2.0.1, so version-based detection alone cannot distinguish vulnerable from patched installations; behavioral/code-level checks are required.
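
A log-side check for the signals listed above, as an added example that is not from the advisory sources or the xipblog project: it flags requests to /module/xipblog/archive whose decoded `subpage_type` is not a plain token, and labels the finding by injection style and response time. The log layout (nginx-style with a trailing request time), the token allowlist and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed nginx-style layout: ip - - [time] "METHOD uri HTTP/x" status bytes request_time
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ ([\d.]+)$')
ENDPOINT = "/module/xipblog/archive"   # path named on this page
PARAM = "subpage_type"                 # injectable GET parameter named on this page
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_-]*$")  # assumption: legitimate values are plain tokens
HINTS = {  # labels only; the allowlist above decides whether a request is flagged
    "time-based": re.compile(r"\bsleep\s*\(", re.I),
    "union-based": re.compile(r"\bunion\b.+\bselect\b", re.I | re.S),
    "boolean-based": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
}

def inspect_line(line):
    """Return a finding dict for a suspicious xipblog request, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, _method, uri, status, rtime = m.groups()
    parts = urlsplit(uri)
    if not parts.path.endswith(ENDPOINT):
        return None
    # parse_qs percent-decodes and maps '+' to space, so encoded values are normalised.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    bad = [v for v in values if not SAFE_VALUE.match(v)]
    if not bad:
        return None
    tags = [name for name, rx in HINTS.items() if any(rx.search(v) for v in bad)]
    if float(rtime) >= 5.0 and status != "404":
        tags.append("slow-response")   # the >= 5 s, non-404 timing signal listed above
    return {"ip": ip, "status": int(status), "value": bad[0], "tags": tags}

def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (documentation IPs); the two flagged values are payloads
# quoted on this page, with the double quote percent-encoded as %22.
_PRE = '] "GET /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type='
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2023:10:00:00 +0000' + _PRE + 'post HTTP/1.1" 200 5120 0.212',
    '203.0.113.9 - - [01/Apr/2023:10:00:05 +0000' + _PRE
    + 'post%22+AND+5484=5485--+xhCs HTTP/1.1" 200 4301 0.198',
    '203.0.113.9 - - [01/Apr/2023:10:00:09 +0000' + _PRE
    + 'post%22+AND+(SELECT+5728+FROM+(SELECT(SLEEP(5)))AuDU)--+lafl HTTP/1.1" 200 4301 5.204',
    '203.0.113.7 - - [01/Apr/2023:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900 0.050',
]
```

Because the patched module keeps version 2.0.1, a hit here says the endpoint is being probed, not that the install is vulnerable; pair it with a code-level check of the deployed module.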