CVE-2018-13784

Published: 09/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 652
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php.

Affected Products

Vendor: Prestashop
Product: Prestashop
Versions: -, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.5.1, 0.9, 0.9.1, 0.9.2, 0.9.5, 0.9.6, 0.9.7, 1.0, 1.0.0.1, 1.0.0.2, 1.0.0.3, 1.0.0.4, 1.0.0.5, 1.1.0.3, 1.4, 1.4.0.1, 1.4.0.2, 1.4.0.3, 1.4.0.4, 1.4.0.5, 1.4.0.6, 1.4.0.7, 1.4.0.8, 1.4.0.9, 1.4.0.10, 1.4.0.11, 1.4.0.12, 1.4.0.13, 1.4.0.14, 1.4.0.15, 1.4.0.16, 1.4.0.17, 1.4.1.0, 1.4.2.4, 1.4.2.5, 1.4.3.0, 1.4.4.0, 1.4.4.1, 1.4.5.1, 1.4.6.1, 1.4.6.2, 1.4.7.0, 1.4.7.1, 1.4.7.2, 1.5.0.0, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.5, 1.5.0.9, 1.5.0.13, 1.5.0.15, 1.5.0.17, 1.5.1.0, 1.5.2.0, 1.5.3.0, 1.5.3.1, 1.5.4.0, 1.5.4.1, 1.5.5.0, 1.5.6.0, 1.5.6.1, 1.5.6.2, 1.6.0.1, 1.6.0.2, 1.6.0.3, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.6.0.8, 1.6.0.9, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.1.0, 1.6.1.1, 1.6.1.2, 1.6.1.3, 1.6.1.4, 1.6.1.5, 1.6.1.6, 1.6.1.7, 1.6.1.8, 1.6.1.9, 1.6.1.10, 1.6.1.11, 1.6.1.12, 1.6.1.13, 1.6.1.14, 1.6.1.15, 1.6.1.16, 1.6.1.17, 1.6.1.18, 1.6.1.19, 1.7.0.0, 1.7.0.1, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.1.0, 1.7.1.1, 1.7.1.2, 1.7.2.0, 1.7.2.1, 1.7.2.2, 1.7.2.3, 1.7.2.4, 1.7.2.5, 1.7.3.0, 1.7.3.1, 1.7.3.2, 1.7.3.3

Exploits

<--- exploit.py --->
#!/usr/bin/env python3
# PrestaShop <= 1.6.1.19 Privilege Escalation
# Charles Fol
# 2018-07-10
#
# See ambionics.io/blog/prestashop-privilege-escalation
#
#
# The condition for this exploit to work is for an employee to have the same
# password as a customer. The exploit will yield a valid employee cookie for ...

#!/usr/bin/env python3
# PrestaShop <= 1.6.1.19 AES (Rijndael) / openssl_encrypt() Cookie Read
# Charles Fol
#
# See ambionics.io/blog/prestashop-privilege-escalation
#
# This POC will reveal the content of an employee's cookie
# By modifying it one can read/write any PrestaShop cookie
# It is a simple padding oracle implementation
# ...

Github Repositories

prestashop-exploits: Collection of exploits/POCs for PrestaShop cookie vulnerabilities (CVE-2018-13784). Refer to ambionics.io/blog/prestashop-privilege-escalation for details.

PrestaShop security vulnerability checker: The library and the tool to check PrestaShop for vulnerabilities. The tool home page and the support page: prestashop.modulez.ru. The full description, how to use and the stable release for download are available there. Report example: PrestaShop security vulnerability checker (homepage: prestashop.modulez.ru/en/tools-scripts/70
