CVE-2022-22897 Scanner
CVE-2022-22897 scanner - SQL Injection vulnerability in PrestaShop Ap Pagebuilder
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
PrestaShop Ap Pagebuilder is a prominent website design and content management tool used for creating and customizing online stores on the PrestaShop platform. It provides users with a drag-and-drop interface to easily build and manage ecommerce websites. This plugin is widely used among PrestaShop users for its flexibility, ease of use, and the ability to create responsive designs that enhance the shopping experience. Developed by ApolloTheme, it includes various features for customizing the layout, adding products, and integrating multimedia content. It's geared towards business owners, web developers, and designers looking to create professional and visually appealing online stores.
CVE-2022-22897 discloses a critical SQL Injection vulnerability within the PrestaShop Ap Pagebuilder plugin, versions up to and including 2.4.4. This flaw allows unauthenticated attackers to execute arbitrary SQL queries by manipulating the product_all_one_img and image_product parameters. The vulnerability poses a significant risk as it can lead to unauthorized access, data leakage, and potentially full database compromise.
The vulnerability is exploited through crafted HTTP requests targeting the apajax.php file. By inserting malicious SQL code into the product_one_img parameter, attackers can manipulate database queries. This security flaw is particularly severe due to its critical CVSS score of 9.8, indicating the possibility of high impact attacks including data theft, database manipulation, and unauthorized administrative access. The exploit does not require authentication, making it accessible to any attacker with knowledge of the vulnerable endpoint.
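For asset owners reviewing their own web server logs, the following is an added detection example, not part of the original page or of the S4E scanner. It flags requests to apajax.php in which one of the parameters named above carries anything other than a plain list of numeric IDs. The assumption that legitimate values are comma-separated numeric IDs, the combined access log format, and the sample log lines are all assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names as given in the advisory text above.
WATCHED_PARAMS = ("product_all_one_img", "image_product", "product_one_img")
# Assumption: legitimate values are comma-separated numeric IDs.
ID_LIST = re.compile(r"\d+(?:,\d+)*")
# Client address and request URI from a combined-format access log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def suspicious_requests(lines):
    """Return (ip, parameter, decoded value) for every watched parameter
    sent to apajax.php whose value is not a plain ID list."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("uri"))
        if not url.path.lower().endswith("/apajax.php"):
            continue  # only the endpoint named in the advisory
        query = parse_qs(url.query)  # percent-decodes names and values
        for name in WATCHED_PARAMS:
            for value in query.get(name, []):
                if not ID_LIST.fullmatch(value):
                    hits.append((m.group("ip"), name, value))
    return hits

# Constructed sample log lines (not real traffic; the /shop/ prefix is made up).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /shop/apajax.php?product_one_img=12,15 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2022:10:00:05 +0000] "GET /shop/apajax.php?product_one_img=1%29%20OR%20%281%3D1 HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Mar/2022:10:00:06 +0000] "GET /shop/apajax.php?image_product=7%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Mar/2022:10:00:09 +0000] "GET /shop/index.php?product_one_img=abc HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Mar/2022:10:00:12 +0000] "POST /shop/apajax.php HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so values sent in a POST body are invisible to this check and need request-body logging or a WAF rule instead.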
The exploitation of CVE-2022-22897 can have devastating effects, including theft of sensitive customer data, alteration of product listings, unauthorized administrative actions, and complete compromise of the PrestaShop ecommerce platform. It undermines the integrity and confidentiality of the affected websites, potentially leading to financial losses, damage to reputation, and erosion of customer trust.
By leveraging S4E's comprehensive vulnerability scanning service, users gain valuable insights into potential security weaknesses like CVE-2022-22897 within their digital infrastructure. Our platform offers detailed reports, remediation guidance, and continuous monitoring to help mitigate risks and strengthen security postures. Joining S4E ensures that your ecommerce presence is robustly protected against emerging threats, safeguarding your business and customer data.