cve/CVE-2023-27637.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.

POC

Reference

https://friends-of-presta.github.io/security-advisories/module/2023/03/21/tshirtecommerce_cwe-89.html

Github

No PoCs found on GitHub currently.

873 B Raw Blame History

CVE-2023-27637

Description

POC

Reference

Github

873 B

Raw Blame History