José M. Posted Tuesday at 10:44 AM

Hey there,

In the last few days, I noticed a lot of requests to my ecommerce like this one at night, up to the point of reaching the max_children setting on my server, making it return 500 errors to other users or Google crawlers:

POST /modules/appagebuilder/apajax.php?rand=1763961313380

Searching that query on Google, I found this page:

[CVE-2022-22897] Major updates > SQL Injections in PrestaShop appagebuilder module up to 2.4.5

which mentions that the attack is done via that same URL/file. My appagebuilder module version is v2.4.3.

My first reaction was to try to update the module. But on the LeoTheme website, the changelog says:

Update version 2.4.0 (July 17th, 2020)
Compatible: Prestashop 1.7.6.x
[Update] Update image home_default
[Fix] Css bug, css tyle for instagram widget
[Fix] Show image follow API of Instagram

Update version 4.0 (May 5th, 2025)
Compatible: Prestashop 8.x

So, it seems that I've got no updated version of ApPageBuilder that I can update my site to...

I am really not happy at all with the ApPageBuilder system, but changing my whole front office system doesn't seem a plausible task right now with my workload...

Dear Prestashop gurus: what should I do? 🥲

Thank you.
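A way to measure the request flood described in the post above, as an added example that is not part of the original thread: it counts POSTs to the apajax.php path per client and flags clients that burst within a single minute. The combined access-log format, the sample lines and the threshold are assumptions.

```python
import re
from collections import Counter

TARGET = "/modules/appagebuilder/apajax.php"  # path quoted in the post

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>[^\]]+?):\d{2} [^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Nov/2025:02:15:01 +0000] "POST /modules/appagebuilder/apajax.php?rand=1763961313380 HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [24/Nov/2025:02:15:02 +0000] "POST /modules/appagebuilder/apajax.php?rand=1763961313381 HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [24/Nov/2025:02:15:03 +0000] "POST /modules/appagebuilder/apajax.php?rand=1763961313382 HTTP/1.1" 500 0 "-" "-"
203.0.113.7 - - [24/Nov/2025:02:16:10 +0000] "POST /modules/appagebuilder/apajax.php?rand=1763961313383 HTTP/1.1" 200 512 "-" "-"
198.51.100.20 - - [24/Nov/2025:02:15:30 +0000] "POST /modules/appagebuilder/apajax.php?rand=1763961313384 HTTP/1.1" 200 512 "-" "-"
192.0.2.50 - - [24/Nov/2025:02:15:31 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"
this line is malformed and is skipped
"""

def summarize(log_text, per_minute_threshold=3):
    """Return (POST count per IP, 500 count, IPs bursting within one minute)."""
    per_ip, per_minute, errors = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != TARGET:  # compare without the query string
            continue
        per_ip[m["ip"]] += 1
        per_minute[(m["ip"], m["minute"])] += 1
        errors += m["status"] == "500"
    # An IP is a burst source if any single minute reaches the threshold.
    bursts = sorted({ip for (ip, _), n in per_minute.items()
                     if n >= per_minute_threshold})
    return per_ip, errors, bursts

if __name__ == "__main__":
    per_ip, errors, bursts = summarize(SAMPLE_LOG)
    for ip, n in per_ip.most_common():
        print(f"{ip:15} {n:5} POSTs{'  <-- burst' if ip in bursts else ''}")
    print(f"500 responses on {TARGET}: {errors}")
```

Counts like these are triage input for rate limiting or blocking decisions; they do not show whether a request carried an injection payload, since POST bodies are not recorded in the access log.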

endriu107 Posted yesterday at 03:23 PM

If you have access to the newest version, you should update it. If not, in the link you added from FOP there is a solution where you can provide the code changes in the module file.

Daresh Posted yesterday at 03:34 PM

The minimum is to apply the patch to the files of the module, your version seems to be very close to the one mentioned in the report:

https://security.friendsofpresta.org/modules/2023/01/05/appagebuilder.html#patch

El Patron Posted yesterday at 03:53 PM

Changing the front office, especially if you bought directly from Leo, is the right thing to do and you know it in your gut. Also, 1.7 has been riddled with hacks...

Me? Create a staging copy of your production shop or, if you have the budget, use Migration Pro and migrate to a fresh install of PS 8.2.3, or wait for PS 9.1.

Why migration to a fresh installation is best: it leaves behind 'old' data, modules etc. that could/probably have vulnerabilities.

Only buy a theme on Addons, where it has to pass a very vigorous validation process.

Using Migration Pro, you can build the entire shop, install an awesome new theme... make sure everything works... then use Migration Pro to sync new customers/orders/products (for stock). Put the old shop in maintenance, move it to a subdomain, clean the domain and move the new shop. Done!