8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-20717

GHSA ID

GHSA-xx67-2j3v-h76p

EPSS Score

0.85962%

CWE

CWE-94

Published

5/14/2022

Updated

10/6/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-20717

CVE-2018-20717:
PrestaShop PHP Object Injection

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-20717

GHSA ID

GHSA-xx67-2j3v-h76p

EPSS Score

0.85962%

CWE

CWE-94

Published

5/14/2022

Updated

10/6/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
prestashop/prestashop	composer	< 1.7.2.5	1.7.2.5

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper validation of serialized data during order processing. PrestaShop's protection mechanism checked for '0:' followed by digits but missed '0:+' patterns. This suggests a regex-based validation in a deserialization helper function (like Tools::unSerialize) was bypassed. The Tools class is a common location for serialization utilities in PrestaShop, and the patched version 1.7.2.5 would have modified this validation logic. The high confidence comes from the attack pattern (PHP object injection via unserialize) and the documented bypass technique targeting serialization validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In t** or**rs s**tion o* Pr*st*S*op ***or* *.*.*.*, *n *tt**k is possi*l* **t*r **inin* ****ss to * t*r**t stor* wit* * us*r rol* wit* t** ri**ts o* *t l**st * S*l*sm*n or *i***r privil***s. T** *tt**k*r **n t**n inj**t *r*itr*ry P*P o*j**ts into t**

Reasoning

T** vuln*r**ility st*ms *rom improp*r `v*li**tion` o* s*ri*liz** **t* *urin* or**r pro**ssin*. Pr*st*S*op's prot**tion m****nism ****k** *or '*:' *ollow** *y *i*its *ut miss** '*:+' p*tt*rns. T*is su***sts * r***x-**s** `v*li**tion` in * **s*ri*liz*t

8.8

Basic Information

Concerned about an active attack path?

CVE-2018-20717: PrestaShop PHP Object Injection

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-20717:
PrestaShop PHP Object Injection

Vulnerability Intelligence
Miggo AI