CVE-2023-45375
published 2023-10-17CVE-2023-45375: In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via…
PriorityP276high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
38.46%
98.4th percentile
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 01generator | pireospay | < 1.7.10 | 1.7.10 |
Detection & IOCsextracted from sources · hover to see the quote
url/module/pireospay/validation
path/modules/pireospay/
commandajax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--
bytes
0x73656c65637420736c6565702836293b
- →Detect exploitation attempts by monitoring POST requests to /module/pireospay/validation with a MerchantReference parameter containing SQL injection payloads (e.g., time-based sleep via hex-encoded SELECT SLEEP()).
- →Fingerprint vulnerable PrestaShop instances by checking for the presence of /modules/pireospay/ in the HTML body of the homepage response.
- →Time-based SQL injection detection: a response duration >= 6 seconds combined with HTTP 302 and text/html content-type on the validation endpoint indicates successful exploitation.
- →The vulnerable code path is PireosPayValidationModuleFrontController::postProcess() — monitor server-side logs for unsanitized MerchantReference values reaching this controller. ↗
- →Use Shodan to identify internet-exposed PrestaShop instances that may be running the vulnerable pireospay module for proactive scanning.
- ·The SQL injection is exploitable by unauthenticated guests (no authentication required), despite the nuclei template metadata listing PR:L (low privilege). Treat this as a no-auth vulnerability for detection prioritization. ↗
- ·Affected versions are pireospay up to and including 1.7.9; version 1.7.10 and later are patched. Ensure version checks in detection rules target versions < 1.7.10. ↗
- ·The nuclei template uses a two-step flow: first confirming the pireospay module is present, then sending the injection payload. Single-step detections (e.g., WAF rules) should account for both conditions to reduce false positives.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
PrestaShop PireosPay - SQL Injection
nuclei·CVSS 8.8
CVE-2023-45375 [HIGH] PrestaShop PireosPay - SQL Injection
PrestaShop PireosPay - SQL Injection
In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
Template:
id: CVE-2023-45375
info:
name: PrestaShop PireosPay - SQL Injection
author: MaStErChO
severity: high
description: |
In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Authenticated attackers can execute time-based SQL injection through the MerchantReference parameter in the validation endpoint to extract PrestaShop database information including customer and payment data.
remediation: |
Update PireosPay module to a version newer than 1.7.9 that properly sanitizes SQL parameters in the
No writeups or analysis indexed.
2023-10-17
Published