CVE-2024-33275
📋 TL;DR
This SQL injection vulnerability in Webbax supernewsletter v1.4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the product_search.php component. Attackers can escalate privileges, potentially gaining administrative access to affected PrestaShop installations. All users running vulnerable versions of this PrestaShop module are affected.
💻 Affected Systems
- Webbax supernewsletter PrestaShop module
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop installation with administrative access, data theft, and potential lateral movement to other systems.
Likely Case
Privilege escalation leading to unauthorized administrative access, data manipulation, and installation of backdoors.
If Mitigated
Limited impact with proper input validation and database permissions, though SQL injection attempts may still cause service disruption.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The description suggests remote exploitation without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html
Restart Required: No
Instructions:
1. Check if the supernewsletter module is installed.
2. Remove or disable the module immediately.
3. Monitor for an official patch from the vendor.
4. Consider alternative newsletter modules.
🔧 Temporary Workarounds
Disable supernewsletter module
Remove or disable the vulnerable module from PrestaShop administration
Navigate to PrestaShop admin > Modules > Module Manager > Find 'supernewsletter' > Disable/Delete
Web Application Firewall (WAF) rules
Implement WAF rules to block SQL injection patterns targeting product_search.php
Configure WAF to block requests containing SQL injection patterns to */modules/supernewsletter/* paths
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for all user inputs
- Restrict database user permissions to minimum required, removing administrative privileges
🔍 How to Verify
Check if Vulnerable:
Check the PrestaShop modules directory for a supernewsletter folder and examine the version in the module configuration
Check Version:
Check the modules/supernewsletter/ directory for a version file or configuration
Verify Fix Applied:
Verify supernewsletter module is removed or disabled in PrestaShop admin interface
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests to product_search.php with SQL-like parameters
- Failed login attempts followed by successful admin access
Network Indicators:
- HTTP requests containing SQL keywords (SELECT, UNION, etc.) targeting /modules/supernewsletter/product_search.php
SIEM Query:
source="web_logs" AND uri="/modules/supernewsletter/product_search.php" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*")
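As an added example (not part of this advisory or the vendor's code), a small Python detector that applies the indicators above to web-server access logs. Unlike the SIEM query, it URL-decodes the query string before matching (so encoded payloads are not missed) and matches SQL structure rather than bare keywords (so a benign search containing the word "select" is not reported). The log lines, IP addresses and timestamps are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache/Nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Apr/2024:10:01:09 +0000] "GET /modules/supernewsletter/product_search.php?q=%27%20OR%201%3D1--%20 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Apr/2024:10:01:15 +0000] "GET /modules/supernewsletter/product_search.php?q=a%27%20union%20select%201,2,3-- HTTP/1.1" 200 8192 "-" "curl/8.0"
198.51.100.7 - - [29/Apr/2024:10:02:00 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2024:10:02:05 +0000] "GET /modules/supernewsletter/product_search.php?q=select%20shirts HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""
TARGET_PATH = "/modules/supernewsletter/product_search.php"

# Rules look for SQL structure in the decoded query string, not bare keywords,
# so a legitimate search such as "select shirts" is not reported.
RULES = [
    ("union-select", re.compile(r"union\s+(all\s+)?select\b", re.I)),
    ("quote-boolean", re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("schema-probe", re.compile(r"information_schema", re.I)),
]
# Only the fields we need from the combined log format: client IP, timestamp, request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

def decode_fully(value, rounds=3):
    # URL-decode repeatedly (bounded) so double-encoded payloads are normalised too.
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_log(text):
    # One hit per request to the vulnerable endpoint whose decoded query matches a rule.
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != TARGET_PATH:
            continue
        query = decode_fully(parts.query)
        for name, rule in RULES:
            if rule.search(query):
                hits.append({"ip": m["ip"], "ts": m["ts"], "rule": name, "query": query})
                break
    return hits
```

Feed real access logs through `scan_log` and pivot on the `ip` field to spot the repeated probing described under Log Indicators.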
🔗 References
- https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html
- https://www.webbax.ch/2017/08/30/9-modules-prestashop-gratuits-offert-par-webbax/