CVE-2023-46348
📋 TL;DR
This SQL injection vulnerability in SunnyToo sturls module allows attackers to execute arbitrary SQL commands through the StUrls::hookActionDispatcher and StUrls::getInstanceId methods. Attackers can escalate privileges and access sensitive database information. All users of sturls versions before 1.1.13 are affected.
💻 Affected Systems
- SunnyToo sturls module for PrestaShop
📦 What is this software?
Sturls by Sunnytoo
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise including administrative privilege escalation, database exfiltration, and potential remote code execution through database functions.
Likely Case
Privilege escalation to administrative access and extraction of sensitive user data including passwords, personal information, and order history.
If Mitigated
Limited data exposure if input validation and parameterized queries are in place; SQL injection attempts would still appear in the logs.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The specific methods mentioned suggest authenticated access may be required, but privilege escalation paths exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.13
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/12/07/sturls.html
Restart Required: No
Instructions:
1. Access your PrestaShop admin panel.
2. Navigate to Modules > Module Manager.
3. Find the 'sturls' module.
4. Update to version 1.1.13 or later.
5. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Input Validation Filter
Implement input validation to sanitize user inputs before they are processed by the vulnerable methods.
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns targeting the vulnerable endpoints.
🧯 If You Can't Patch
- Disable or remove the sturls module entirely if not essential for functionality.
- Implement network segmentation to isolate the vulnerable system and restrict database access.
🔍 How to Verify
Check if Vulnerable:
Check the sturls module version in PrestaShop admin panel under Modules > Module Manager. If version is below 1.1.13, the system is vulnerable.
Check Version:
No direct CLI command. Check via PrestaShop admin interface: Modules > Module Manager > sturls module details.
Verify Fix Applied:
Confirm sturls module version is 1.1.13 or higher in the module manager. Test the previously vulnerable endpoints with SQL injection payloads to ensure they are now blocked.
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in application logs
- Unusual database queries from web application user
- Multiple failed login attempts followed by successful admin access
Network Indicators:
- HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.) to sturls endpoints
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND (url="*sturls*" AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*" OR query="*DELETE*"))
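The SIEM query above matches bare SQL keywords in the raw URL, which misses URL-encoded payloads and fires on innocent slugs that happen to contain a word like "select". The following is an added example, not part of the original advisory and not SunnyToo or PrestaShop code, that applies the same idea over combined-format access logs but goes a step further: it URL-decodes each parameter value and requires SQL structure (keyword pairs, a tautology, or a quote followed by a comment) before flagging a request. The log lines, client IPs, the `/module/sturls/dispatch` path and the `id` parameter are all constructed for illustration; the real sturls routes are not documented on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format). The paths, IPs and
# parameter names are illustrative assumptions, not real sturls routes.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Dec/2023:10:01:02 +0000] "GET /module/sturls/dispatch?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Dec/2023:10:01:07 +0000] "GET /module/sturls/dispatch?id=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 734 "-" "curl/8.0"
198.51.100.2 - - [07/Dec/2023:10:01:09 +0000] "GET /index.php?controller=product&id_product=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Dec/2023:10:01:12 +0000] "GET /module/sturls/dispatch?id=1'%20OR%201=1-- HTTP/1.1" 500 88 "-" "curl/8.0"
198.51.100.7 - - [07/Dec/2023:10:02:00 +0000] "GET /module/sturls/dispatch?id=select-my-shop HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# One combined-log-format line: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Structural SQL injection signatures, applied to URL-decoded parameter values.
# Requiring structure (keyword pairs, tautologies, quote followed by a comment)
# rather than a lone keyword keeps ordinary slugs such as "select-my-shop" quiet.
SQLI_RULES = {
    "union-select": re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I),
    "select-from": re.compile(r"\bselect\b.+\bfrom\b", re.I),
    "insert-into": re.compile(r"\binsert\s+into\b", re.I),
    "delete-from": re.compile(r"\bdelete\s+from\b", re.I),
    "tautology": re.compile(r"\b(or|and)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),
    "quote-comment": re.compile(r"['\"]\s*(--|#|/\*)"),
}


def is_sturls_request(path: str) -> bool:
    """True when any segment of the request path is the sturls module."""
    return any(seg.lower() == "sturls" for seg in path.split("/"))


def match_sqli(value: str):
    """Return the name of the first rule that fires on a decoded value, else None."""
    for name, rule in SQLI_RULES.items():
        if rule.search(value):
            return name
    return None


def scan_log(text: str):
    """Parse log lines, keep sturls requests, and flag injected-looking parameters."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        parts = urlsplit(m.group("target"))
        if not is_sturls_request(parts.path):
            continue
        # parse_qsl URL-decodes each value, so %20 / %27 encodings cannot hide a payload
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            rule = match_sqli(value)
            if rule:
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "path": parts.path,
                    "param": param,
                    "rule": rule,
                    "status": int(m.group("status")),
                })
                break  # one finding per request is enough for triage
    return findings


def count_by_ip(findings):
    """Aggregate hits per client IP; repeated probes from one source stand out."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["ip"]} {h["path"]} param={h["param"]} rule={h["rule"]} status={h["status"]}')
    print("per-IP:", count_by_ip(hits))
```

On the constructed sample the scanner reports two findings, both from the same client, and stays silent on the `select-my-shop` slug and on the non-sturls product request. The 500 status on the second hit is the kind of application error the "SQL syntax errors in application logs" indicator above refers to, so correlating web-log hits with database error entries from the same time window is a natural next step.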