
CVE-2018-20717: PrestaShop PHP Object Injection

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.85962%
Published: 5/14/2022
Updated: 10/6/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name            Ecosystem   Vulnerable Versions   First Patched Version
prestashop/prestashop   composer    < 1.7.2.5             1.7.2.5

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper validation of serialized data during order processing. PrestaShop's protection mechanism checked for the serialized-object marker 'O:' followed by digits but missed 'O:+' patterns (a leading plus sign before the length). This suggests a regex-based validation in a deserialization helper function (such as Tools::unSerialize) was bypassed. The Tools class is a common location for serialization utilities in PrestaShop, and the patched version 1.7.2.5 would have modified this validation logic. The high confidence comes from the attack pattern (PHP object injection via unserialize) and the documented bypass technique targeting serialization validation.
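The validation gap described above, as an added example that is not part of this page and not PrestaShop's own code: a Python scanner that walks PHP's serialization grammar (including the optional '+' that PHP's unserialize() tolerates before a length), placed beside a reconstruction of the kind of sign-less regex check the analysis describes. The regex is an assumption about the shape of the pre-fix check, not the actual Tools::unSerialize source; sample payloads are constructed, and 'stdClass' and 'ArrayObject' are illustrative class names only.

```python
import re

# PHP's unserialize() parses lengths with an optional leading "+", so a scanner
# that mirrors it must accept the same shape; a sign-less "\d+" check does not.
_NUM = re.compile(rb'[+-]?[0-9]+')

# Assumed reconstruction of the kind of pre-fix check the analysis describes
# (not PrestaShop's actual code): reject input that starts with "O:" + digits.
_WEAK_OBJECT_RE = re.compile(rb'^O:\d+:')


def weak_check_rejects(data: bytes) -> bool:
    """The bypassable check: True only when the payload starts with 'O:<digits>:'."""
    return _WEAK_OBJECT_RE.match(data) is not None


class _Scanner:
    """Minimal walker over PHP's serialization grammar that records object tokens."""

    def __init__(self, data: bytes):
        self.data, self.pos, self.saw_object = data, 0, False

    def _expect(self, token: bytes) -> None:
        if not self.data.startswith(token, self.pos):
            raise ValueError(f"expected {token!r} at offset {self.pos}")
        self.pos += len(token)

    def _number(self) -> int:
        m = _NUM.match(self.data, self.pos)
        if m is None:
            raise ValueError(f"expected number at offset {self.pos}")
        self.pos = m.end()
        return int(m.group())  # int() tolerates the leading '+' just as PHP does

    def _quoted(self, length: int) -> None:
        # Strings are length-prefixed: their bytes are skipped, never interpreted,
        # so object-like text inside a string value is not mistaken for an object.
        self._expect(b'"')
        if len(self.data) - self.pos < length:
            raise ValueError("string shorter than its declared length")
        self.pos += length
        self._expect(b'"')

    def _scalar_to_semicolon(self) -> None:
        end = self.data.find(b';', self.pos)
        if end < 0:
            raise ValueError("unterminated scalar")
        self.pos = end + 1

    def _pairs(self, count: int) -> None:
        for _ in range(count):
            self.value()  # key
            self.value()  # value

    def value(self) -> None:
        tag = self.data[self.pos:self.pos + 1]
        self.pos += 1
        if tag == b'N':                                 # N;
            self._expect(b';')
        elif tag in (b'b', b'i', b'd', b'r', b'R'):     # b:1;  i:-3;  d:1.5;  r:2;
            self._expect(b':')
            self._scalar_to_semicolon()
        elif tag == b's':                               # s:<len>:"<bytes>";
            self._expect(b':')
            length = self._number()
            self._expect(b':')
            self._quoted(length)
            self._expect(b';')
        elif tag == b'a':                               # a:<count>:{ key value ... }
            self._expect(b':')
            count = self._number()
            self._expect(b':{')
            self._pairs(count)
            self._expect(b'}')
        elif tag in (b'O', b'C'):                       # O:<len>:"<class>":<n>:{...}  /  C:...:{<raw>}
            self.saw_object = True
            self._expect(b':')
            name_len = self._number()
            self._expect(b':')
            self._quoted(name_len)
            self._expect(b':')
            n = self._number()
            self._expect(b':{')
            if tag == b'O':
                self._pairs(n)          # n properties
            else:
                self.pos += n           # n raw bytes handed to the class's unserialize()
            self._expect(b'}')
        else:
            raise ValueError(f"unknown tag {tag!r} at offset {self.pos - 1}")


def contains_object(data: bytes) -> bool:
    """Length-aware check: True if any O: or C: token appears at any nesting depth."""
    scanner = _Scanner(data)
    scanner.value()
    if scanner.pos != len(data):
        raise ValueError("trailing bytes after serialized value")
    return scanner.saw_object


# Constructed sample payloads (not from the page); class names are placeholders.
SAMPLES = {
    "array":                 b'a:1:{s:3:"key";s:5:"value";}',
    "object":                b'O:8:"stdClass":0:{}',
    "object, plus sign":     b'O:+8:"stdClass":0:{}',          # the 'O:+' form from the analysis
    "object inside array":   b'a:1:{i:0;O:8:"stdClass":1:{s:1:"a";i:1;}}',
    "custom-serialized":     b'C:11:"ArrayObject":21:{x:i:0;a:0:{};m:a:0:{}}',
    "string that looks like an object": b's:19:"O:8:"stdClass":0:{}";',
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:34} weak rejects={weak_check_rejects(payload)!s:5} "
              f"object present={contains_object(payload)}")
```

Running the block shows the weak pattern rejecting only the plain top-level 'O:8:' payload, while the grammar-aware scanner reports an object for the '+'-prefixed, nested and 'C:' forms and stays silent for a string whose contents merely resemble an object. In PHP itself the robust mitigation is not a better deny-list but refusing objects at the parser: unserialize($data, ['allowed_classes' => false]) (PHP 7.0+) turns any object token into __PHP_Incomplete_Class, so no validation regex is in the loop at all.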


WAF Protection Rules

WAF Rule

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the
