Horizon Alert
Summary of the vulnerability and why it matters
This advisory highlights a critical vulnerability in a PrestaShop module used for layered navigation filters. The issue allows unauthenticated attackers to execute arbitrary code on the server, potentially leading to a compromised website. The vulnerability is related to how the module processes and stores search filter data from URLs.
- An attacker can take control of your website.
- It affects an e-commerce search and filter module.
- Confirm if this module is in use and update it.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker can target the ps_facetedsearch module by sending specially crafted requests to the e-commerce site. The module improperly processes slider filter values from the URL, allowing the attacker to inject a malicious PHP object into the cache. When this object is deserialized, it enables the attacker to write arbitrary files on the server, ultimately leading to command execution.
- No authentication required.
- Manipulate slider filter values in URL.
- Arbitrary file write and command execution.
Live Threat
Current exploitation, exposure, and threat context
An unauthenticated attacker could execute arbitrary commands on the server by uploading a malicious PHP object through crafted requests. This object, when deserialized, can write a webshell into the `modules/ps_facetedsearch/` directory, allowing for server-side command execution.
- Server-side code execution.
- Malicious object smuggled into cache.
- Arbitrary file write to modules directory.
Operational Fix
Recommended remediation, mitigation, and detection steps
The PrestaShop ps_facetedsearch module's vulnerability impacts e-commerce sites, likely making application owners and platform teams responsible for remediation. The first practical step involves identifying all instances of the affected module, confirming their reachability and business criticality, and then engaging the accountable owners to plan a risk-based remediation strategy.
- Application owners should own the issue.
- Verify module's external exposure.
- Plan coordinated remediation activities.