CVE-2024-34989
📋 TL;DR
This SQL injection vulnerability in the RSI PDF/HTML catalog evolution module for PrestaShop allows unauthenticated attackers to execute arbitrary SQL commands. Attackers can potentially access, modify, or delete database content, affecting all PrestaShop installations using vulnerable versions of this module.
💻 Affected Systems
- RSI PDF/HTML catalog evolution (prestapdf) module for PrestaShop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE techniques.
Likely Case
Unauthorized data access including customer information, order details, and administrative credentials stored in the database.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
SQL injection via PrestaPDFProductListModuleFrontController::queryDb() requires minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 7.0.0
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/06/20/prestapdf.html
Restart Required: No
Instructions:
1. Update the prestapdf module to latest version via PrestaShop admin panel. 2. Verify module version is > 7.0.0. 3. Clear PrestaShop cache.
🔧 Temporary Workarounds
Disable vulnerable module
allTemporarily disable the prestapdf module until patching is possible.
Navigate to PrestaShop admin > Modules > Module Manager > Disable 'RSI PDF/HTML catalog evolution'
WAF rule implementation
allDeploy web application firewall rules to block SQL injection patterns targeting the vulnerable endpoint.
Add WAF rule: Detect and block SQL injection patterns in POST/GET parameters to prestapdf controller
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in the queryDb() method
- Restrict module access via .htaccess or web server configuration to trusted IPs only
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > RSI PDF/HTML catalog evolution.Check Version:
SELECT version FROM ps_module WHERE name = 'prestapdf';Verify Fix Applied:
Confirm module version is > 7.0.0 and test SQL injection attempts are blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts following SQL errors
- HTTP requests containing SQL keywords to prestapdf endpoints
Network Indicators:
- SQL error messages in HTTP responses
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND (uri="*prestapdf*" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*"))