CVE-2023-27639
Published 2023-06-01
Priority: P178 · Severity: high · CVSS 3.1 base score: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 3.55% (87.9th percentile)
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tshirtecommerce | custom_product_designer | <= 2.1.4 | — |
Detection & IOCs (extracted from sources)
Observed request body: `url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php`
- Detect POST requests to /tshirtecommerce/ajax.php?type=svg containing the 'file_name' parameter, which is the exploitation vector for directory traversal
- Alert on POST bodies containing URL-encoded path traversal sequences (e.g., .%2F..%2F) targeting the tshirtecommerce ajax endpoint
- Successful exploitation returns HTTP 200 with content matching 'SqlFormatter Examples', 'SqlFormatter', or '<?php'; monitor responses to this endpoint for PHP source code leakage
- This vulnerability was exploited in the wild in March 2023; prioritize detection on any PrestaShop instance with the /tshirtecommerce/ path exposed
- Only XML-parseable files can be read via this traversal; the attacker cannot open arbitrary binary files, limiting exfiltration to text/XML-structured content such as PHP source, config files, and XML documents
- The traversal is unauthenticated (PR:N) and network-reachable (AV:N) with no user interaction required, meaning any exposed PrestaShop instance running tshirtecommerce ≤ 2.1.4 is immediately at risk
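The detection bullets above can be turned directly into a checker. The following is an added example written for this page (not code from the page's sources, from VulnCheck, or from the module vendor); it applies the endpoint, traversal and response-leakage rules to a handful of constructed request records. The record shape, the `placeholder.php` file name and all helper names are assumptions of the example; the traversal body in the first record is the one quoted on this page.

```python
"""Detection logic for CVE-2023-27639-style traversal attempts against
tshirtecommerce/ajax.php?type=svg, run over constructed sample requests.
Added example; the request records below are constructed, not captured traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/tshirtecommerce/ajax.php"
# Path-traversal pattern, evaluated on the fully decoded parameter value.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Strings the page lists as indicators of a successful read in the response body.
LEAK_MARKERS = ("SqlFormatter Examples", "SqlFormatter", "<?php")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so .%2F..%2F and %252e%252e%252f are both caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method: str, url: str, body: str) -> list[str]:
    """Return findings for one HTTP request; an empty list means nothing suspicious."""
    findings = []
    parts = urlsplit(url)
    if not parts.path.endswith(TARGET_PATH):
        return findings
    query = parse_qs(parts.query)
    if method.upper() != "POST" or "svg" not in query.get("type", []):
        return findings
    params = parse_qs(body, keep_blank_values=True)  # parse_qs already decodes one layer
    if "file_name" not in params:
        return findings
    # Rule 1 from the page: POST to the svg endpoint carrying file_name at all.
    findings.append("post_to_svg_endpoint_with_file_name")
    # Rule 2: traversal sequences in the parameters the page mentions (file_name, url).
    for name in ("file_name", "url"):
        for raw in params.get(name, []):
            if TRAVERSAL_RE.search(fully_decode(raw)):
                findings.append(f"traversal_in_{name}")
    return findings


def response_leaks_source(status: int, body: str) -> bool:
    """Rule 3 from the page: HTTP 200 whose body carries one of the leakage markers."""
    return status == 200 and any(marker in body for marker in LEAK_MARKERS)


# Constructed sample records (not captured traffic): (method, url, body, status, response_body).
SAMPLE_RECORDS = [
    ("POST", "/tshirtecommerce/ajax.php?type=svg",
     "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php",
     200, "<?php\n// SqlFormatter Examples ..."),
    ("POST", "/tshirtecommerce/ajax.php?type=svg",          # double-encoded traversal
     "file_name=%252e%252e%252f%252e%252e%252fplaceholder.php",
     200, "<?php echo 'placeholder';"),
    ("POST", "/tshirtecommerce/ajax.php?type=svg",          # benign design lookup
     "file_name=designs%2Flogo.svg", 200, "<svg xmlns='http://www.w3.org/2000/svg'></svg>"),
    ("GET", "/tshirtecommerce/ajax.php?type=svg", "", 200, ""),
    ("POST", "/index.php?controller=cart", "file_name=..%2F..%2Fetc%2Fpasswd", 200, ""),
]


def scan(records):
    """Return {record_index: (request_findings, response_leaked)} for every record to alert on."""
    alerts = {}
    for i, (method, url, body, status, resp) in enumerate(records):
        findings = inspect_request(method, url, body)
        if findings:
            alerts[i] = (findings, response_leaks_source(status, resp))
    return alerts


if __name__ == "__main__":
    for idx, (findings, leaked) in scan(SAMPLE_RECORDS).items():
        print(idx, findings, "response leaked source" if leaked else "no leakage marker")
```

The first finding fires on every POST that carries `file_name` to the svg endpoint, which is noisy on a busy shop but matches the page's first rule; the `traversal_in_*` findings and the response check are the ones worth paging on, and decoding several layers avoids the double-encoding miss that a single `unquote` would leave.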
CVSS provenance
NVD · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck · 7.5 HIGH
GHSA
GHSA-vr24-25x3-mc3h (ghsa_unreviewed · 2023-06-01): CVE-2023-27639 [HIGH] CWE-22
Description: same text as the NVD summary above.
VulnCheck
tshirtecommerce custom_product_designer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2023 · CVSS 7.5 · CVE-2023-27639 [HIGH]
Description: same text as the NVD summary above.
Affected: tshirtecommerce custom_product_designer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation
No detection rules found.
Nuclei
PrestaShop TshirteCommerce - Directory Traversal
nuclei · CVSS 7.5 · CVE-2023-27639 [HIGH]
The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
Template:
```yaml
id: CVE-2023-27639
info:
  name: PrestaShop TshirteCommerce - Directory Traversal
  author: MaStErChO
  severity: high
  description: |
    The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
  impact: |
    Unauthenticated attackers can exploit directory traversal in the Custom Product Designer module to read arbitrary f
```
No writeups or analysis indexed.
Timeline
- 2023-06-01: Published
- Exploited in the wild