EM Quickshop RCE vulnerability

Older versions of the EM Quickshop extension are vulnerable to SQL injection. The vulnerability allows a remote attacker to take complete control of an affected store with a single URL request. If our scanner reported that your store is vulnerable, the vulnerability is present in your installed version. Update or patch the extension as soon as possible, or disable it.

This SQL injection to RCE vulnerability was listed in Magento's security report of April 26, 2016, and we still see it unpatched on a number of infected stores.

The typical fix is to stop interpolating the request path into the SQL string and pass it as a bound parameter instead, in IndexController.php:

@@ -18,8 +18,9 @@
         $tableName = Mage::getSingleton('core/resource')->getTableName('core_url_rewrite');
         $write = Mage::getSingleton('core/resource')->getConnection('core_write');
 
-        $query = "select MAIN_TABLE.`product_id` from `{$tableName}` as MAIN_TABLE where MAIN_TABLE.`request_path` in('{$path}')";
-        $readresult=$write->query($query);
+        $query = "select MAIN_TABLE.`product_id` from `{$tableName}` as MAIN_TABLE where MAIN_TABLE.`request_path` in(:path)";
+        $binds = array( 'path' => $path );
+        $readresult=$write->query($query,$binds);
         if ($row = $readresult->fetch() ) {
             $productId=$row['product_id'];
         }
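Review bot: binding a single `:path` placeholder behind `in(...)` only works when `$path` is one request path; if the caller ever passed a comma-separated list (which the original `in('{$path}')` form would have accepted), the bound value is now compared as one literal string and the lookup silently returns nothing, so either document that `$path` is a single string or build the list with `$write->select()->from($tableName, 'product_id')->where('request_path IN (?)', $paths)`, which quotes each element. Separately, `getConnection('core_write')` is used for a pure read; `getConnection('core_read')` is the idiomatic choice here. The hunk does not show where `$path` originates, so make sure it is validated before it reaches this query as well.

The difference between the two query forms in the hunk, shown as an added example that is not part of the page or of the EM Quickshop extension. It uses PDO with an in-memory SQLite table that mimics `core_url_rewrite` (assumed to stand in for Magento's Varien adapter, whose `query($sql, $binds)` takes named binds the same way); the table rows and the hostile input are constructed for the demonstration.

```php
<?php
// Added example, not code from the page or the extension.
// Assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed stand-in for core_url_rewrite with two products.
$db->exec("CREATE TABLE core_url_rewrite (request_path TEXT, product_id INTEGER)");
$db->exec("INSERT INTO core_url_rewrite VALUES ('public-item.html', 42), ('hidden-item.html', 99)");

function lookupInterpolated(PDO $db, string $path): array
{
    // Vulnerable form from the '-' lines: the request path is pasted into the SQL text,
    // so a quote character in it changes the query, not just the value.
    $query = "select MAIN_TABLE.product_id from core_url_rewrite as MAIN_TABLE "
           . "where MAIN_TABLE.request_path in('{$path}')";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

function lookupBound(PDO $db, string $path): array
{
    // Fixed form from the '+' lines: the request path travels as a bound parameter
    // and is compared as data, whatever characters it contains.
    $query = "select MAIN_TABLE.product_id from core_url_rewrite as MAIN_TABLE "
           . "where MAIN_TABLE.request_path in(:path)";
    $stmt = $db->prepare($query);
    $stmt->execute(['path' => $path]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$benign = 'public-item.html';
// Constructed hostile input: closes the quoted literal and appends an always-true condition,
// keeping the parentheses balanced so the resulting statement still parses.
$hostile = "x') or ('1'='1";

foreach (['interpolated' => 'lookupInterpolated', 'bound' => 'lookupBound'] as $label => $fn) {
    foreach ([$benign, $hostile] as $input) {
        printf("%-12s %-20s -> %s\n", $label, json_encode($input), json_encode($fn($db, $input)));
    }
}
```

Run with `php example.php`. For the benign path both functions return product 42. For the hostile input the interpolated form returns every product id in the table, because the appended condition matches all rows, while the bound form returns nothing, because the entire string is compared literally against `request_path`. That is the whole effect of the patch: the same attacker-controlled string can no longer alter the statement.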