This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: The PrestaShop module `poststaticfooter` (v1.0.0 and earlier) is vulnerable to **SQL Injection**. …
**Root Cause**: The function `poststaticfooter::getPosCurrentHook()` builds a SQL query from user-supplied input.
**Flaw**: The input is neither sanitized nor parameterized before the query is executed, so an attacker-controlled value is interpreted as part of the SQL statement rather than as data.
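As an added illustration (not the module's actual code, which this summary does not reproduce), the following PHP contrasts the flawed pattern described above with the PrestaShop-idiomatic fix. The query shape, the tables and the `id_hook` / `hook_name` parameter names are assumptions chosen for the example; `Tools::getValue()`, `pSQL()`, `Validate::isHookName()` and `Db::getInstance()` are PrestaShop core APIs.

```php
<?php
// Added illustrative example, NOT the poststaticfooter module's real code.
// It shows the class of flaw described above (untrusted input concatenated
// into SQL) next to the PrestaShop-idiomatic fix. The parameter names
// `id_hook` / `hook_name` and the exact queries are assumptions.

// VULNERABLE pattern: request data goes straight into the query string.
function getPosCurrentHookVulnerable()
{
    $hook = Tools::getValue('id_hook');            // attacker-controlled, unescaped
    $sql = 'SELECT `id_hook` FROM `' . _DB_PREFIX_ . 'hook_module`'
         . ' WHERE `id_hook` = ' . $hook;          // "1 OR 1=1" changes the query logic
    return Db::getInstance()->executeS($sql);
}

// HARDENED pattern for a numeric column: cast, then reject nonsense values.
// A non-numeric payload collapses to 0 and never reaches the database.
function getPosCurrentHookHardened()
{
    $hook = (int) Tools::getValue('id_hook');
    if ($hook <= 0) {
        return [];
    }
    $sql = 'SELECT `id_hook` FROM `' . _DB_PREFIX_ . 'hook_module`'
         . ' WHERE `id_hook` = ' . $hook;
    return Db::getInstance()->executeS($sql);
}

// HARDENED pattern for a string column: allow-list the value with the core
// validator, then escape it with pSQL() before quoting it into the query.
function getHookIdByNameHardened()
{
    $name = Tools::getValue('hook_name');
    if (!Validate::isHookName($name)) {            // only [a-zA-Z0-9_-] survives
        return false;
    }
    $sql = 'SELECT `id_hook` FROM `' . _DB_PREFIX_ . 'hook`'
         . ' WHERE `name` = \'' . pSQL($name) . '\'';
    return (int) Db::getInstance()->getValue($sql);
}
```

The cast-or-validate step matters as much as the escaping: `pSQL()` protects the string context, but an unquoted numeric value like the `id_hook` case above is only safe once it has been forced to an integer.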
Q3 Who is affected? (Versions/Components)
**Affected**: PrestaShop installations with the **poststaticfooter** module installed.
**Version**: Version **1.0.0** and all earlier versions are at risk.
Q4 What can hackers do? (Privileges/Data)
**Capabilities**: An attacker can execute arbitrary SQL statements against the shop database, reading or modifying any table the module's database user can reach.
**Impact**: High risk to **Confidentiality**, **Integrity**, and **Availability**. …
**Attack complexity**: **LOW**.
**Access**: Network accessible (AV:N).
**Auth**: No privileges required (PR:N).
**UI**: No user interaction needed (UI:N).
The flaw is easy to exploit remotely: a single crafted HTTP request to the module's front-end endpoint is enough.
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit?**: **YES**.
**PoC**: A detection template is available in the ProjectDiscovery Nuclei templates repository.
**Wild exploitation**: Not confirmed in this summary, but judged likely given the low complexity and the absence of any authentication requirement.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Determine whether the **poststaticfooter** module is installed (the module list in the back office, or the `modules/poststaticfooter/` directory on disk).
**Tool**: Run Nuclei with the CVE-2023-30194 template against the shop's public URL.
**Verify**: Compare the installed module version; 1.0.0 and earlier are affected (≤ 1.0.0).
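The version check can be scripted. The following PHP is an added example (not from the original analysis or the module); it assumes the standard PrestaShop module layout, where every module ships a `config.xml` containing a `<version>` element, and that the script is run from, or pointed at, the shop root.

```php
<?php
// Added self-check script, not part of the original analysis or the module.
// It reads the module's config.xml (PrestaShop modules ship one with a
// <version> element) and reports whether the installed version is <= 1.0.0.
// Usage: php check_poststaticfooter.php [/path/to/shop]

function readModuleVersion(string $shopRoot, string $module): ?string
{
    $path = rtrim($shopRoot, '/') . '/modules/' . $module . '/config.xml';
    if (!is_file($path)) {
        return null;                              // module not present on disk
    }
    $xml = @simplexml_load_file($path);
    if ($xml === false || !isset($xml->version)) {
        return null;                              // malformed or unexpected config.xml
    }
    return trim((string) $xml->version);          // (string) unwraps the CDATA section
}

function isVulnerableVersion(string $version, string $lastAffected = '1.0.0'): bool
{
    // version_compare orders 1.0.10 after 1.0.9; a plain string comparison would not.
    return version_compare($version, $lastAffected, '<=');
}

$root = $argv[1] ?? getcwd();
$version = readModuleVersion($root, 'poststaticfooter');

if ($version === null) {
    echo "poststaticfooter: not found under $root/modules (not affected)\n";
    exit(0);
}

$vulnerable = isVulnerableVersion($version);
printf(
    "poststaticfooter %s: %s\n",
    $version,
    $vulnerable ? 'VULNERABLE (<= 1.0.0), disable the module' : 'above 1.0.0, confirm against the vendor advisory'
);
exit($vulnerable ? 1 : 0);
```

The script exits non-zero when an affected version is found so it can be dropped into a cron job or CI check. Where file-system access is not available, the same information is in the `version` column of the `module` table (with the shop's configured table prefix), which is also where the installed version is recorded for the back office.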
**No Patch?**: **Disable** the `poststaticfooter` module immediately; an uninstalled or disabled module no longer exposes the vulnerable code path.
**Mitigation**: If the module must stay active, add WAF rules that block SQL injection patterns in requests reaching the module's front-end endpoint (the input consumed by `getPosCurrentHook()`). Treat this as a stopgap only: signature-based filtering of SQL injection is routinely bypassed with encoding and comment tricks, so it buys time but does not remove the flaw.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**.
**Priority**: High. The CVSS vector indicates **High** impact on confidentiality, integrity and availability (C:H, I:H, A:H), reachable without authentication. Apply a fixed version if the vendor provides one; otherwise disable the module now to prevent data theft or site defacement.