CVE-2023-30150
Published 2023-06-14
CVE-2023-30150: PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
Priority: P275 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.85% (88.8th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| leotheme | leocustomajax | — | — |
Detection & IOCs (extracted from sources)
command: POST /modules/leocustomajax/leoajax.php?rand={{random_id}} — body: leoajax=1&pro_add=if(now()=sysdate()%2Csleep(6)%2C0)
command: GET /modules/leocustomajax/leoajax.php?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a)
- Detect exploitation attempts by monitoring POST requests to /modules/leocustomajax/leoajax.php containing time-based SQL injection payloads in the 'pro_add' parameter (e.g., sleep(), sysdate()).
- Detect exploitation attempts via GET requests to /modules/leocustomajax/leoajax.php with SQL injection payloads in the 'cat_list' parameter (e.g., SLEEP-based blind SQLi).
- Fingerprint the presence of the vulnerable module by checking for the existence of /modules/leocustomajax/leocustomajax.js and response body containing 'processajax', 'leoajax', 'leocustomajax.css', or 'leosearch'.
- Use Shodan query 'http.component:"Prestashop"' to identify potentially exposed PrestaShop instances for proactive scanning.
- Time-based detection: a response duration >= 6 seconds on the POST or GET SQLi request, combined with expected response body/status, confirms successful exploitation.
- The vulnerability affects only leocustomajax versions 1.0 and 1.0.0; other versions are not confirmed vulnerable.
- The Nuclei template uses a two-step flow: step 1 confirms module presence before step 2 fires the SQLi payload, reducing false positives.
- The exploit requires no authentication (PR:N, UI:N) and is remotely exploitable over the network, making it trivially weaponizable.
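The detection notes above, turned into a log triage function. This is an added example, not code from the Nuclei template or from any source indexed on this page. It flags requests to the module endpoint whose `pro_add` or `cat_list` values carry the SQL markers listed above, and separates plain attempts from requests where the delay was actually observed. The record fields (`method`, `url`, `body`, `duration_s`) and the sample records are constructed, and the 6-second threshold assumes the delay used in the listed requests.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/modules/leocustomajax/leoajax.php"
WATCHED_PARAMS = ("pro_add", "cat_list")   # parameters named in the notes above
DELAY_THRESHOLD_S = 6.0                    # assumption: delay seen in the listed requests
# Markers taken from the requests listed above.
SQL_MARKERS = re.compile(r"\b(?:sleep|sysdate)\s*\(|\bselect\b", re.IGNORECASE)


def classify(record):
    """Return None, 'attempt', or 'delay-observed' for one request record."""
    url = urlsplit(record["url"])
    # endswith() also covers shops installed under a sub-directory.
    if not url.path.endswith(ENDPOINT):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if record["method"] == "POST":
        body = parse_qs(record.get("body", ""), keep_blank_values=True)
        for name, values in body.items():
            params.setdefault(name, []).extend(values)
    flagged = any(SQL_MARKERS.search(value)
                  for name in WATCHED_PARAMS
                  for value in params.get(name, []))
    if not flagged:
        return None
    # A matching delay is a strong signal the statement ran; confirm it
    # against response status/body before treating it as a compromise.
    if record["duration_s"] >= DELAY_THRESHOLD_S:
        return "delay-observed"
    return "attempt"


def triage(records):
    """Return (index, verdict) for every record that is not benign."""
    verdicts = ((i, classify(r)) for i, r in enumerate(records))
    return [(i, v) for i, v in verdicts if v is not None]


# Constructed sample records (field names are hypothetical, not a real log schema).
SAMPLE = [
    {"method": "POST", "url": ENDPOINT + "?rand=1686700000", "duration_s": 6.21,
     "body": "leoajax=1&pro_add=if(now()=sysdate()%2Csleep(6)%2C0)"},
    {"method": "GET", "duration_s": 0.08,
     "url": ENDPOINT + "?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a)"},
    {"method": "POST", "url": ENDPOINT, "duration_s": 0.05,
     "body": "leoajax=1&pro_add=12,15,18"},
    {"method": "GET", "url": "/modules/leocustomajax/leocustomajax.js", "duration_s": 0.02},
]
```

POST bodies are not present in standard web server access logs, so the `body` field has to come from a WAF, reverse proxy or application-level audit log.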
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-7m62-f679-5q77: PrestaShop leocustomajax 1
ghsa_unreviewed · 2023-06-14
CVE-2023-30150 [CRITICAL] CWE-89 GHSA-7m62-f679-5q77: PrestaShop leocustomajax 1
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
VulnCheck
leotheme leocustomajax Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck · 2023 · CVSS 9.8
CVE-2023-30150 [CRITICAL] leotheme leocustomajax Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
Affected: leotheme leocustomajax
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2023-30150
No detection rules found.
Nuclei
PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
nuclei · CVSS 9.8
CVE-2023-30150 [CRITICAL] PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
Template:
id: CVE-2023-30150
info:
  name: PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
  author: mastercho
  severity: critical
  description: |
    PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of PrestaShop leocustomajax plugin to mitigate the SQL Injection vulnerability.
  reference:
    - https://security.f
No writeups or analysis indexed.
2023-06-14: Published
Exploited in the wild