CVE-2024-28396: n/a
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
AI Analysis
Technical Summary
CVE-2024-28396 is a remote code execution (RCE) vulnerability found in the MyPrestaModules ordersexport plugin, specifically in versions 6.0.2 and earlier. The vulnerability resides in the download.php component, which improperly handles user input, enabling an attacker to inject and execute arbitrary code on the server. This is categorized under CWE-94, which involves improper control of code generation, often leading to RCE. The vulnerability requires no authentication or user interaction, making it highly exploitable remotely over the network. The CVSS 3.1 base score of 7.5 reflects a high severity primarily due to the potential confidentiality breach, as attackers can execute code and potentially access sensitive data. The flaw does not directly affect integrity or availability but can lead to further compromise. No patches or fixes are currently linked, and no exploits have been publicly observed in the wild yet. However, the presence of such a vulnerability in an e-commerce module that handles order exports poses a significant risk to merchants using PrestaShop platforms, potentially allowing attackers to take over web servers, steal customer data, or deploy malware.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code without authentication or user interaction, which can lead to full compromise of the affected web server hosting the PrestaShop module. This can result in unauthorized access to sensitive customer and order data, theft of payment information, and potential disruption of e-commerce operations. Attackers could also use the compromised server as a foothold for lateral movement within an organization’s network or to launch further attacks. The confidentiality of business and customer data is at high risk, which can lead to reputational damage, financial loss, and regulatory penalties. Since the vulnerability affects a widely used e-commerce plugin, the scope of impact is broad, especially for small to medium-sized online retailers relying on this module for order management.
Mitigation Recommendations
- Organizations should immediately verify if they are using MyPrestaModules ordersexport version 6.0.2 or earlier and disable or isolate the affected download.php component until a patch is available.
- Implement strict input validation and sanitization on all user-supplied data to prevent code injection.
- Employ web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting download.php.
- Monitor server logs for unusual activity indicative of exploitation attempts.
- Restrict access to the download.php endpoint by IP whitelisting or authentication where feasible.
- Regularly update all PrestaShop modules and monitor vendor advisories for patches.
- Conduct security audits and penetration testing focused on plugin components.
- Consider deploying runtime application self-protection (RASP) solutions to detect and block exploitation in real-time.
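The log-monitoring and IP-allowlisting recommendations above can be combined into a short triage pass over web server access logs. This is an added example, not part of the original advisory or the module's code; the combined log format, the `/ordersexport/` directory match, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the page names only "download.php" in the ordersexport module,
# so match that file anywhere under an /ordersexport/ directory.
TARGET = re.compile(r"/ordersexport/(?:[^?\s]*/)?download\.php(?:\?|$)", re.I)

# Apache/nginx combined log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input using documentation address ranges.
ALLOWED = ["192.0.2.0/24"]
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2024:10:00:01 +0000] "GET /modules/ordersexport/download.php HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [01/Mar/2024:10:00:02 +0000] "POST /modules/ordersexport/download.php HTTP/1.1" 200 128 "-" "-"
192.0.2.15 - - [01/Mar/2024:10:05:00 +0000] "GET /modules/ordersexport/download.php HTTP/1.1" 200 900 "-" "-"
203.0.113.9 - - [01/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "-"
203.0.113.9 - - [01/Mar/2024:10:06:05 +0000] "GET /modules/ordersexport/download.php HTTP/1.1" 403 0 "-" "-"
"""

def triage(lines, allowed_networks):
    """Return {client: [(timestamp, method, status), ...]} for requests that
    reach the download.php endpoint from outside the allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or not TARGET.search(m["uri"]):
            continue  # unparsable line or a different endpoint
        try:
            allowed = any(ipaddress.ip_address(m["ip"]) in n for n in nets)
        except ValueError:
            allowed = False  # hostname in the client field: report, do not skip
        if not allowed:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for client, reqs in triage(SAMPLE_LOG.splitlines(), ALLOWED).items():
        print(client, len(reqs), reqs)
```

Any client reported with a 200 status warrants review of what the server returned; 403 entries indicate an access restriction on the endpoint is taking effect.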
Affected Countries
United States, France, Germany, United Kingdom, Canada, Australia, Brazil, India, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-08T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d8fb7ef31ef0b58892f
Added to database: 2/25/2026, 9:45:51 PM
Last enriched: 2/26/2026, 6:56:53 PM
Last updated: 4/12/2026, 3:47:18 PM