CVE-2021-21308 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in PrestaShop, a popular open-source e-commerce platform. This flaw allows an attacker to initiate unauthorized requests on behalf of the server, potentially leading to sensitive data exposure or further exploitation. The vulnerability affects versions 1.5.0 through 1.7.7.1, and a fix is available in version 1.7.7.2.
The SSRF vulnerability in PrestaShop allows an attacker to craft malicious requests that the server will execute. This can be exploited to access internal resources that are not directly accessible from the outside, such as internal APIs, databases, or even other systems within the same network. An attacker could potentially read sensitive configuration files, access customer data, or even trigger actions on other systems. The impact is amplified if the PrestaShop instance is deployed in an environment with privileged access or connected to other critical systems. While the description mentions 'executing customer commands,' the precise nature of this command execution requires further investigation, but the SSRF vector provides a significant attack surface.
CVE-2021-21308 was publicly disclosed on February 26, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at the time of writing. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are available, demonstrating the feasibility of exploiting the SSRF vulnerability.
PrestaShop installations running versions 1.5.0 through 1.7.7.1 are at risk. This includes e-commerce businesses relying on PrestaShop for their online storefronts, particularly those with limited security expertise or those who have not applied recent security updates. Shared hosting environments where multiple PrestaShop instances share the same server resources are also at increased risk.
• php: Examine PrestaShop logs for unusual outbound HTTP requests, particularly those targeting internal resources or unexpected domains. Use grep to search for patterns indicative of SSRF attempts.
grep -i 'request_uri: internal_resource' /path/to/prestashop/var/logs/presta.log• generic web: Monitor access logs for requests originating from the PrestaShop server to internal IP addresses or unusual domains. Use curl to test for SSRF by attempting to access internal resources through the PrestaShop instance.
curl -v http://localhost/internal_resourcedisclosure
漏洞利用状态
EPSS
0.31% (54% 百分位)
CVSS 向量
The primary mitigation for CVE-2021-21308 is to upgrade PrestaShop to version 1.7.7.2 or later, which includes the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict outbound network access from the PrestaShop server using a Web Application Firewall (WAF) or proxy to block suspicious requests. Carefully review and restrict the allowed protocols and domains that PrestaShop can access. Monitor PrestaShop logs for unusual outbound requests that could indicate exploitation attempts. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability and verifying that the request is blocked.
将 PrestaShop 更新到 1.7.7.2 或更高版本。此更新修复了允许攻击者以客户身份执行命令的不正确的会话管理。建议在更新之前进行备份。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2021-21308 is a Server-Side Request Forgery (SSRF) vulnerability in PrestaShop versions 1.5.0 to 1.7.7.1, allowing attackers to initiate unauthorized requests.
Yes, if you are running PrestaShop versions 1.5.0 through 1.7.7.1, you are vulnerable to this SSRF vulnerability.
Upgrade PrestaShop to version 1.7.7.2 or later to resolve the vulnerability. Implement WAF rules as a temporary workaround.
While there's no confirmed active exploitation, public proof-of-concept exploits exist, making exploitation possible.
Refer to the PrestaShop security advisory for detailed information and updates: https://blog.prestashop.com/security-vulnerability-ssrf-cve-2021-21308
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。