CVE-2024-28389
📋 TL;DR
This SQL injection vulnerability in KnowBand spinwheel v3.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the sendEmail() method. Attackers can gain escalated privileges and access sensitive information from the database. All users running affected versions of the spinwheel module are vulnerable.
💻 Affected Systems
- KnowBand spinwheel module for PrestaShop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop database including customer PII, admin credential theft, and potential remote code execution through database functions.
Likely Case
Data exfiltration of customer information, admin account takeover, and privilege escalation within the PrestaShop application.
If Mitigated
Limited impact if proper input validation and WAF rules block SQL injection attempts, though underlying vulnerability remains.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The public disclosure includes technical details that facilitate exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.0.4 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/03/12/spinwheel.html
Restart Required: No
Instructions:
1. Download the latest spinwheel module from the official source.
2. Back up the current module.
3. Replace the old module files with the patched version.
4. Clear the PrestaShop cache.
🔧 Temporary Workarounds
Disable spinwheel module
Temporarily disable the vulnerable module until patching is possible
Navigate to PrestaShop admin > Modules > Module Manager > Find spinwheel > Disable
WAF SQL injection rules
Implement web application firewall rules to block SQL injection patterns targeting the sendEmail endpoint
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries at application level
- Restrict database user permissions to minimum required for module functionality
🔍 How to Verify
Check if Vulnerable:
Check spinwheel module version in PrestaShop admin panel under Modules > Module Manager
Check Version:
Check module version in PrestaShop admin interface or examine module files for version metadata
Verify Fix Applied:
Confirm spinwheel module version is v3.0.4 or later and test sendEmail functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from single IP
- Unexpected database schema changes
Network Indicators:
- POST requests to spinwheel sendEmail endpoint with SQL syntax in parameters
- Unusual outbound database connections
SIEM Query:
source="web_logs" AND uri="*spinwheel*" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*DELETE*")
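The SIEM query above matches SQL keywords only when they appear literally in the logged parameters, so a URL-encoded or double-encoded payload slips past it. The following added detection script (not part of this page or of the KnowBand module) scopes the check to spinwheel requests, decodes parameter values before matching, and runs over constructed access-log lines; the endpoint path /modules/spinwheel/ajax.php and the parameter names are assumptions, not values from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Apache/Nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Same keyword list as the SIEM query on this page, matched on whole words, any case.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def suspicious_params(uri):
    """Return (name, decoded value) pairs of spinwheel request parameters containing SQL keywords."""
    if "spinwheel" not in uri.lower():       # scope to the vulnerable module only
        return []
    hits = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        decoded = unquote_plus(value)        # parse_qsl decoded once; this undoes double encoding
        if KEYWORD_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Parse access-log lines and return one alert per request with suspicious spinwheel parameters."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["uri"])
        if hits:
            alerts.append({"ip": m["ip"], "method": m["method"], "uri": m["uri"], "params": hits})
    return alerts


# Constructed sample lines: one benign request, one plain-encoded and one
# double-encoded injection attempt, and a non-spinwheel request that merely contains a keyword.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2024:10:15:01 +0000] "GET /modules/spinwheel/ajax.php?action=sendEmail&email=alice%40example.com HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:15:09 +0000] "GET /modules/spinwheel/ajax.php?action=sendEmail&email=x%27%20UNION%20SELECT%201%2C2%2C3--%20- HTTP/1.1" 200 880',
    '198.51.100.7 - - [12/Mar/2024:10:15:12 +0000] "GET /modules/spinwheel/ajax.php?action=sendEmail&email=x%2527%2520union%2520select%25201--%2520- HTTP/1.1" 200 880',
    '192.0.2.9 - - [12/Mar/2024:10:16:00 +0000] "GET /search?q=select+a+colour HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert["ip"], alert["method"], alert["params"])
```

Web server access logs record only the query string, so POST bodies sent to the sendEmail endpoint must be inspected at the WAF or in application logs; whole-word keyword matching also produces false positives on ordinary text such as e-mail addresses, so treat hits as triage candidates rather than confirmed attacks.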