CVE-2024-36681
📋 TL;DR
This CVE describes a critical SQL injection vulnerability in the Isotope module for PrestaShop. Attackers can exploit the saveData and removeData methods to execute arbitrary SQL commands, potentially accessing sensitive database information. All PrestaShop installations using the affected Isotope module versions are vulnerable.
💻 Affected Systems
- PrestaShop Isotope module (pk_isotope)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including customer data, admin credentials, payment information, and potential remote code execution through database functions.
Likely Case
Data exfiltration of sensitive information, database manipulation, and potential privilege escalation.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The specific methods mentioned suggest straightforward exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: >1.7.3
Vendor Advisory: https://security.friendsofpresta.org/modules/2024/06/20/pk_isotope.html
Restart Required: No
Instructions:
1. Update the Isotope module to version >1.7.3.
2. If an update is not available, remove the module.
3. Clear the PrestaShop cache after the update.
🔧 Temporary Workarounds
Disable Isotope module
All platforms: temporarily disable the vulnerable module until it is patched
Navigate to PrestaShop admin > Modules > Module Manager > Find Isotope > Disable
Remove module files
Linux: completely remove the vulnerable module files (run from the PrestaShop installation root)
rm -rf modules/pk_isotope/
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SQL injection patterns
- Restrict database user permissions to minimum required operations
🔍 How to Verify
Check if Vulnerable:
Check module version in PrestaShop admin panel under Modules > Module Manager > Isotope
Check Version:
grep -r 'version' modules/pk_isotope/ || echo 'Module not installed'
Verify Fix Applied:
Confirm module version is >1.7.3 and test saveData/removeData functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests to saveData/removeData endpoints
- SQL error messages in application logs
Network Indicators:
- POST requests with SQL syntax in parameters
- Unusual data exfiltration patterns
SIEM Query:
source="web_logs" AND (uri="*saveData*" OR uri="*removeData*") AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*" OR query="*DELETE*")
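The SIEM query above, expressed as a small log scanner, as an added example that is not part of this advisory or the module's own code: it parses combined-format access log lines, URL-decodes the parameters so percent-encoded SQL fragments are not missed, flags requests to the saveData/removeData endpoints whose values look like SQL, and counts requests to those endpoints per source IP. The log lines and the /modules/pk_isotope/ajax.php path are constructed for the example; only the method names come from the advisory.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
# The ajax.php path is an assumption; only saveData/removeData come from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Jun/2024:10:01:02 +0000] "POST /modules/pk_isotope/ajax.php?action=saveData&id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [20/Jun/2024:10:01:09 +0000] "POST /modules/pk_isotope/ajax.php?action=removeData&id=12%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.5 - - [20/Jun/2024:10:02:30 +0000] "GET /index.php?id_product=7 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.12 - - [20/Jun/2024:10:03:11 +0000] "POST /modules/pk_isotope/ajax.php?action=saveData&name=a%27%20OR%201%3D1-- HTTP/1.1" 500 128 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
VULN_METHODS = ("saveData", "removeData")
# SQL keywords, comment sequences and quote-then-boolean fragments; applied
# to URL-decoded values so percent-encoding does not hide them.
SQL_RE = re.compile(r"(?i)\b(select|union|insert|delete|update|drop)\b|--|/\*|'\s*(or|and)\b")

def parse_line(line):
    """Return the fields this detector needs, or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    return {"ip": m.group("ip"), "ts": m.group("ts"), "target": target,
            "status": int(m.group("status")), "params": params}

def scan_log(text):
    """Return (alerts, hits): alerts for SQL-looking values sent to the vulnerable
    endpoints, and per-IP request counts to those endpoints so bursts stand out."""
    alerts, hits = [], Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not any(n in rec["target"] for n in VULN_METHODS):
            continue
        hits[rec["ip"]] += 1
        flagged = [k for k, v in rec["params"].items() if SQL_RE.search(v)]
        if flagged:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                           "status": rec["status"], "params": flagged})
    return alerts, hits

if __name__ == "__main__":
    found, counts = scan_log(SAMPLE_LOG)
    print(found, dict(counts))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the per-IP counts cover the "multiple requests to saveData/removeData" indicator even when no payload matches.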