CVE-2022-31181 PoC — Remote code execution in prestashop

Source

https://github.com/drkbcn/lblfixer_cve_2022_31181

Associated Vulnerability

Title:Remote code execution in prestashop (CVE-2022-31181)
Description:PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.

Description

Module for PrestaShop 1.6.1.X/1.7.X to fix CVE-2022-31181 / CVE-2022-36408 vulnerability (Chain SQL Injection)

Readme

# LabelGrup Networks, official PrestaShop Partner

![LabelGrup Logo](logo.png)

Module for PrestaShop 1.6.1.X and 1.7.X to fix CVE-2022-36408 / CVE-2022-31181 vulnerability (Chain SQL Injection)

For further information, check the following links: 
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-36408
- CVE (GitHub): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31181
- GitHub: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4
- PrestaShop: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/

**Instructions:**

 1. Download the latest release from this repository.
 2. Install the downloaded ZIP as a normal addon, this will replace/copy the needed files to your current PrestaShop.
 3. Be aware: If you remove the addon, your PrestaShop will be reverted to its original state, exposing the vulnerability again.

**For PrestaShop 1.6 users:**

- This addon is not compatible with PrestaShop 1.6.0.X, the minimal supported version is 1.6.1.0.
- If you remove the addon, a folder named "cvepatches" will remain in your "/classes" path. Please, delete the "cvepatches" folder once the addon is uninstalled.

Visit our website:
https://www.labelgrup.com

File Snapshot


 [4.0K]  /data/pocs/977223c780a2f746971418322d4c4573d483175d
├── [4.0K]  backup
│   └── [ 532]  index.php
├── [ 532]  index.php
├── [5.0K]  lblfixer_cve_2022_36408.php
├── [ 14K]  logo.png
├── [4.0K]  _override16
│   ├── [4.0K]  classes
│   │   ├── [4.0K]  cvepatches
│   │   │   ├── [ 121]  composer.json
│   │   │   ├── [4.8K]  composer.lock
│   │   │   ├── [ 532]  index.php
│   │   │   ├── [4.0K]  key
│   │   │   │   └── [ 532]  index.php
│   │   │   ├── [4.0K]  src
│   │   │   │   ├── [ 532]  index.php
│   │   │   │   ├── [4.3K]  PhpEncryptionEngine.php
│   │   │   │   ├── [4.8K]  PhpEncryptionLegacyEngine.php
│   │   │   │   └── [3.4K]  PhpEncryption.php
│   │   │   └── [4.0K]  vendor
│   │   │       ├── [ 178]  autoload.php
│   │   │       ├── [4.0K]  bin
│   │   │       │   ├── [3.3K]  generate-defuse-key
│   │   │       │   ├── [ 141]  generate-defuse-key.bat
│   │   │       │   └── [ 532]  index.php
│   │   │       ├── [4.0K]  composer
│   │   │       │   ├── [ 448]  autoload_classmap.php
│   │   │       │   ├── [ 242]  autoload_files.php
│   │   │       │   ├── [ 149]  autoload_namespaces.php
│   │   │       │   ├── [ 219]  autoload_psr4.php
│   │   │       │   ├── [2.6K]  autoload_real.php
│   │   │       │   ├── [1.5K]  autoload_static.php
│   │   │       │   ├── [ 16K]  ClassLoader.php
│   │   │       │   ├── [ 532]  index.php
│   │   │       │   ├── [4.5K]  installed.json
│   │   │       │   ├── [1.4K]  installed.php
│   │   │       │   ├── [ 15K]  InstalledVersions.php
│   │   │       │   ├── [1.0K]  LICENSE
│   │   │       │   └── [ 925]  platform_check.php
│   │   │       ├── [4.0K]  defuse
│   │   │       │   ├── [ 532]  index.php
│   │   │       │   └── [4.0K]  php-encryption
│   │   │       │       ├── [4.0K]  bin
│   │   │       │       │   ├── [ 298]  generate-defuse-key
│   │   │       │       │   └── [ 532]  index.php
│   │   │       │       ├── [ 943]  composer.json
│   │   │       │       ├── [4.0K]  dist
│   │   │       │       │   ├── [ 502]  box.json
│   │   │       │       │   ├── [ 532]  index.php
│   │   │       │       │   ├── [1.1K]  Makefile
│   │   │       │       │   ├── [3.0K]  signingkey.asc
│   │   │       │       │   ├── [3.2K]  signingkey-new.asc
│   │   │       │       │   └── [ 566]  signingkey-new.asc.sig
│   │   │       │       ├── [4.0K]  docs
│   │   │       │       │   ├── [4.0K]  classes
│   │   │       │       │   │   ├── [ 11K]  Crypto.md
│   │   │       │       │   │   ├── [ 19K]  File.md
│   │   │       │       │   │   ├── [ 532]  index.php
│   │   │       │       │   │   ├── [3.2K]  Key.md
│   │   │       │       │   │   └── [10.0K]  KeyProtectedByPassword.md
│   │   │       │       │   ├── [2.9K]  CryptoDetails.md
│   │   │       │       │   ├── [2.7K]  FAQ.md
│   │   │       │       │   ├── [ 532]  index.php
│   │   │       │       │   ├── [1.9K]  InstallingAndVerifying.md
│   │   │       │       │   ├── [4.7K]  InternalDeveloperDocs.md
│   │   │       │       │   ├── [ 13K]  Tutorial.md
│   │   │       │       │   └── [1.9K]  UpgradingFromV1.2.md
│   │   │       │       ├── [ 532]  index.php
│   │   │       │       ├── [1.1K]  LICENSE
│   │   │       │       ├── [5.2K]  README.md
│   │   │       │       └── [4.0K]  src
│   │   │       │           ├── [ 15K]  Core.php
│   │   │       │           ├── [ 14K]  Crypto.php
│   │   │       │           ├── [ 779]  DerivedKeys.php
│   │   │       │           ├── [9.0K]  Encoding.php
│   │   │       │           ├── [4.0K]  Exception
│   │   │       │           │   ├── [ 121]  BadFormatException.php
│   │   │       │           │   ├── [  88]  CryptoException.php
│   │   │       │           │   ├── [ 131]  EnvironmentIsBrokenException.php
│   │   │       │           │   ├── [ 532]  index.php
│   │   │       │           │   ├── [ 114]  IOException.php
│   │   │       │           │   └── [ 140]  WrongKeyOrModifiedCiphertextException.php
│   │   │       │           ├── [ 25K]  File.php
│   │   │       │           ├── [ 532]  index.php
│   │   │       │           ├── [4.4K]  KeyOrPassword.php
│   │   │       │           ├── [2.2K]  Key.php
│   │   │       │           ├── [4.4K]  KeyProtectedByPassword.php
│   │   │       │           └── [8.2K]  RuntimeTests.php
│   │   │       ├── [ 532]  index.php
│   │   │       └── [4.0K]  paragonie
│   │   │           ├── [ 532]  index.php
│   │   │           └── [4.0K]  random_compat
│   │   │               ├── [ 907]  composer.json
│   │   │               ├── [4.0K]  dist
│   │   │               │   ├── [ 532]  index.php
│   │   │               │   ├── [ 215]  random_compat.phar.pubkey
│   │   │               │   └── [ 488]  random_compat.phar.pubkey.asc
│   │   │               ├── [ 532]  index.php
│   │   │               ├── [4.0K]  lib
│   │   │               │   ├── [6.2K]  byte_safe_strings.php
│   │   │               │   ├── [2.7K]  cast_to_int.php
│   │   │               │   ├── [1.6K]  error_polyfill.php
│   │   │               │   ├── [ 532]  index.php
│   │   │               │   ├── [2.9K]  random_bytes_com_dotnet.php
│   │   │               │   ├── [6.3K]  random_bytes_dev_urandom.php
│   │   │               │   ├── [2.9K]  random_bytes_libsodium_legacy.php
│   │   │               │   ├── [2.9K]  random_bytes_libsodium.php
│   │   │               │   ├── [2.5K]  random_bytes_mcrypt.php
│   │   │               │   ├── [6.6K]  random_int.php
│   │   │               │   └── [7.8K]  random.php
│   │   │               └── [1.1K]  LICENSE
│   │   ├── [ 532]  index.php
│   │   └── [5.7K]  SmartyCacheResourceMysql.php
│   └── [ 532]  index.php
├── [4.0K]  _override17
│   ├── [4.0K]  classes
│   │   ├── [ 532]  index.php
│   │   └── [4.0K]  Smarty
│   │       ├── [ 532]  index.php
│   │       └── [5.1K]  SmartyCacheResourceMysql.php
│   └── [ 532]  index.php
└── [1.2K]  README.md

24 directories, 97 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!