External risk intelligence

ndk-design NdkAdvancedCustomizationFields SSRF Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2022-40842

This vulnerability affects a plugin for PrestaShop, an e-commerce platform. Such applications are typically deployed as internet-facing web storefronts, making the underlying plugins and their scripts, such as the identified PHP file, reachable and accessible to remote users over the public internet.

Server-Side Request Forgery

Ndk Design Ndkadvancedcustomizationfields

3.5.0 and earlier

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in a component of the NDK Advanced Customization Fields for PrestaShop, specifically versions up to 3.5.0. This flaw, a server-side request forgery, allows for unauthenticated external access to internal resources. The main concern is confirming the relevance and exposure of this issue within our environment.

  • Unauthenticated access to internal resources.
  • Affects e-commerce platform components.
  • Confirm relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a crafted request to the `rotateimg.php` script, which is accessible over the network. This script is part of the NdkAdvancedCustomizationFields module for PrestaShop. By manipulating the request, an attacker could trick the server into making requests to arbitrary internal or external resources. This could potentially lead to the disclosure of sensitive information or the manipulation of resources, depending on the server's configuration and network environment.

  • No authentication needed.
  • Attacker triggers vulnerable script.
  • Server-side request forgery.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to make requests to arbitrary internal or external resources on behalf of the affected server. This may expose sensitive system information or impact the availability of the service when the rotateimg.php script is accessed.

  • System requests to network resources.
  • Unauthenticated access to rotateimg.php.
  • Exposure of system data or denial of service.

Operational Fix

Recommended remediation, mitigation, and detection steps

Real-world response requires identifying where NdkAdvancedCustomizationFields is deployed and assessing its exposure, likely involving platform or application owners. The first practical step is to locate instances of this technology, confirm its reachability and business criticality, and then determine the accountable owner to plan remediation based on risk.

  • Platform or application owners should lead remediation.
  • Verify external reachability and business impact.
  • Plan vendor coordination for a fix.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is NdkAdvancedCustomizationFields?

It is a software module, or plugin, designed for PrestaShop. PrestaShop is a widely used e-commerce platform that allows store owners to manage their online catalogs and customer interactions. This specific component is used to add custom fields to products, and versions up to 3.5.0 are affected by the vulnerability.

What does Server-side request forgery (SSRF) mean for CVE-2022-40842?

This vulnerability, classified as CWE-918, happens when a web server can be tricked into sending requests to unintended locations. Because the software fails to properly validate inputs, an attacker can force the server to act as a proxy, fetching data from internal systems or external websites that the server should not normally be accessing.

How is this vulnerability triggered?

The flaw is triggered when an attacker sends a specially crafted network request to the 'rotateimg.php' script included in the plugin. It does not require any login or administrative credentials to initiate. Simply ignoring or restricting access to other areas of the application does not negate the risk, as the script itself remains the primary entry point for the attack.

Why should I care if my shop is internet-facing?

According to Halo Surface Signal, this vulnerability is particularly relevant because it affects e-commerce plugins. Since these platforms are almost always deployed as public-facing storefronts, the 'rotateimg.php' script is reachable by anyone on the internet, which significantly increases the likelihood that an attacker could identify and target your server.

What are the first steps to address this issue?

You should begin by conducting an inventory to locate every instance where this plugin is currently installed. Once you have identified these systems, reach out to the application owners to confirm whether the software is active and reachable from the network. Use this information to prioritize which systems need immediate attention and to coordinate with your technical team on applying future patches or mitigating controls.

References