cbcvebase.
CVE-2023-45375
published 2023-10-17

CVE-2023-45375: In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via…

PriorityP276high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
38.46%
98.4th percentile
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`

Affected

1 ranges
VendorProductVersion rangeFixed in
01generatorpireospay< 1.7.101.7.10

Detection & IOCsextracted from sources · hover to see the quote

url/module/pireospay/validation
path/modules/pireospay/
commandajax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--
bytes
0x73656c65637420736c6565702836293b
  • Detect exploitation attempts by monitoring POST requests to /module/pireospay/validation with a MerchantReference parameter containing SQL injection payloads (e.g., time-based sleep via hex-encoded SELECT SLEEP()).
  • Fingerprint vulnerable PrestaShop instances by checking for the presence of /modules/pireospay/ in the HTML body of the homepage response.
  • Time-based SQL injection detection: a response duration >= 6 seconds combined with HTTP 302 and text/html content-type on the validation endpoint indicates successful exploitation.
  • The vulnerable code path is PireosPayValidationModuleFrontController::postProcess() — monitor server-side logs for unsanitized MerchantReference values reaching this controller.
  • Use Shodan to identify internet-exposed PrestaShop instances that may be running the vulnerable pireospay module for proactive scanning.
  • ·The SQL injection is exploitable by unauthenticated guests (no authentication required), despite the nuclei template metadata listing PR:L (low privilege). Treat this as a no-auth vulnerability for detection prioritization.
  • ·Affected versions are pireospay up to and including 1.7.9; version 1.7.10 and later are patched. Ensure version checks in detection rules target versions < 1.7.10.
  • ·The nuclei template uses a two-step flow: first confirming the pireospay module is present, then sending the injection payload. Single-step detections (e.g., WAF rules) should account for both conditions to reduce false positives.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.