CVE-2023-27637
published 2023-03-22

Priority: P178 · critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.30% (87.0th percentile)
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.

Affected (1 range)

Vendor            Product                   Version range   Fixed in
tshirtecommerce   custom_product_designer

Detection & IOCs (extracted from sources)

url: /module/tshirtecommerce/designer?product_id=900982561&parent_id=1;SELECT%20SLEEP(8);
path: /module/tshirtecommerce/designer
filename: designer.php
command: parent_id=1;SELECT%20SLEEP(8);
  • Detect time-based SQL injection attempts against the tshirtecommerce designer endpoint by monitoring for requests to /module/tshirtecommerce/designer with SQL keywords (e.g., SELECT, SLEEP) in the parent_id or product_id GET parameters.
  • A successful exploitation response contains the string 'product not found' in the body with HTTP 200 status and a response duration >= 8 seconds (due to SLEEP(8) payload), indicating blind time-based SQLi.
  • Fingerprint vulnerable PrestaShop installations by searching for pages containing both 'Prestashop' and 'tshirtecommerce' in the response body (FOFA query: body="Prestashop" && body="tshirtecommerce").
  • The vulnerability is unauthenticated (PR:N) and exploitable remotely (AV:N), so no session cookie or authentication token is required to trigger the SQL injection via the designer endpoint.
  • The Nuclei template uses a 30-second timeout to accommodate the SLEEP(8) time-based payload; detection rules should account for delayed responses rather than relying solely on immediate response anomalies.
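The detection bullets above can be turned into a small log-scanning check. The following is an added example written for this record, not code from the tshirtecommerce project, VulnCheck, or the Nuclei template: it parses a constructed access-log format (client IP, request line, status, response time in seconds), keeps only requests to /module/tshirtecommerce/designer, URL-decodes the product_id and parent_id parameters, flags values that are not plain integers and contain SQL tokens, and upgrades the verdict when the response was HTTP 200 and took at least 8 seconds (the SLEEP(8) signal the record describes). The log field layout, threshold names and sample lines are assumptions for the example; the payload in the sample lines is the one from the IOC list above.

```python
"""Added example for CVE-2023-27637 detection guidance (not the record's or
the project's own code).  Log format and sample lines are constructed."""
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoint and parameters named in the record.
VULN_PATH = "/module/tshirtecommerce/designer"
WATCHED_PARAMS = ("product_id", "parent_id")
# Assumption: these ids are numeric, so any SQL keyword or quoting/terminator
# character inside them is worth an alert.
SQL_TOKEN_RE = re.compile(r"\b(select|sleep|union|benchmark)\b|[;'\"]", re.IGNORECASE)
SLEEP_THRESHOLD_S = 8.0  # the record's SLEEP(8) payload

# Constructed log layout: <ip> "<METHOD> <path?query> HTTP/x.y" <status> <seconds>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<dur>[\d.]+)$'
)

SAMPLE_LOGS = [  # constructed sample input
    # benign designer request with numeric ids
    '203.0.113.5 "GET /module/tshirtecommerce/designer?product_id=42&parent_id=1 HTTP/1.1" 200 0.120',
    # the record's time-based probe; slow HTTP 200 means the SLEEP fired
    '198.51.100.7 "GET /module/tshirtecommerce/designer?product_id=900982561&parent_id=1;SELECT%20SLEEP(8); HTTP/1.1" 200 8.412',
    # same tokens on an unrelated path: not this endpoint, ignored
    '198.51.100.7 "GET /search?q=SELECT%20SLEEP(8) HTTP/1.1" 200 0.050',
    # same payload in product_id but a fast 404: an attempt, not a confirmed hit
    '192.0.2.9 "GET /module/tshirtecommerce/designer?product_id=1;SELECT%20SLEEP(8);&parent_id=1 HTTP/1.1" 404 0.030',
]


def query_params(query):
    """Split on '&' only (never ';', which is part of the payload) and decode."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def analyze_line(line):
    """Return None for an irrelevant or benign line, else a dict describing the hit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_PATH:
        return None
    tainted = {}
    for name in WATCHED_PARAMS:
        for value in query_params(parts.query).get(name, []):
            if not value.isdigit() and SQL_TOKEN_RE.search(value):
                tainted[name] = value
    if not tainted:
        return None
    status = int(m.group("status"))
    duration = float(m.group("dur"))
    # Record: HTTP 200 plus >= 8 s latency indicates the blind time-based SQLi succeeded.
    confirmed = status == 200 and duration >= SLEEP_THRESHOLD_S
    return {
        "ip": m.group("ip"),
        "params": tainted,
        "status": status,
        "duration": duration,
        "verdict": "likely_successful_sqli" if confirmed else "sqli_attempt",
    }


def scan(lines):
    """Run analyze_line over an iterable of log lines, keeping only hits."""
    return [hit for hit in (analyze_line(l) for l in lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The query string is split on `&` by hand rather than with `parse_qs`, because older Python versions also treat `;` as a separator and would silently cut the `SELECT SLEEP(8)` tail off `parent_id`, hiding exactly the value the rule is meant to see.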

CVSS provenance

NVD: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL