CVE-2023-27639
published 2023-06-01


Priority: P1 78 · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.55% (87.9th percentile)
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, allowing a remote attacker to traverse directories on the system and open files (without restriction on extension or path). Only files that can be parsed as XML can be opened. This was exploited in the wild in March 2023.

Affected

1 range
Vendor: tshirtecommerce · Product: custom_product_designer · Version range: <= 2.1.4 · Fixed in: (not listed)

Detection & IOCs (extracted from sources)

URL: /tshirtecommerce/ajax.php?type=svg
Path: /tshirtecommerce/ajax.php
POST body (PoC): url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php
  • Detect POST requests to /tshirtecommerce/ajax.php?type=svg that carry a 'file_name' parameter; this is the exploitation vector for the directory traversal. Note that the PoC body above places the traversal sequence in the 'url' parameter and only the bare filename in 'file_name', so inspect every body parameter rather than 'file_name' alone.
  • Alert on POST bodies containing URL-encoded path traversal sequences (e.g. .%2F..%2F) aimed at the tshirtecommerce ajax endpoint; decode before matching so double-encoded variants (%252F) are not missed.
  • Successful exploitation returns HTTP 200 with content matching 'SqlFormatter Examples', 'SqlFormatter', or '<?php' (the PoC reads the sql-formatter examples page under PrestaShop's vendor directory); monitor responses from this endpoint for PHP source code leakage.
  • This vulnerability was exploited in the wild in March 2023; prioritize detection on any PrestaShop instance with the /tshirtecommerce/ path exposed.
  • Only XML-parseable files can be read via this traversal, so the attacker cannot open arbitrary binary files; exfiltration is limited to content an XML parser will accept, such as XML documents and PHP/HTML files with enough markup to parse (the sql-formatter examples page read in the PoC is one). Plain PHP configuration files with little or no markup may fail to parse and thus not be returned, so do not assume every text file is reachable.
  • The traversal is unauthenticated (PR:N), network-reachable (AV:N) and requires no user interaction (UI:N), so any exposed PrestaShop instance running tshirtecommerce ≤ 2.1.4 is immediately at risk.
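As an added example (not code from the page's sources or from VulnCheck), the detection bullets above turned into a small Python checker that is run over constructed HTTP transaction records. The record fields, tag names, severity scheme and sample transactions are my own assumptions; the only data taken from the page is the endpoint path, the PoC POST body and the response markers.

```python
"""Detection logic for CVE-2023-27639 (tshirtecommerce ajax.php?type=svg traversal).

Added example: applies the detection bullets above to constructed transaction
records. Record fields, tag names and sample data are assumptions, not the page's.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/tshirtecommerce/ajax.php"        # path from the IOC list
# "../" or "..\" as a whole path segment, checked after decoding
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# response strings the IOC list associates with successful exploitation
LEAK_MARKERS = ("SqlFormatter Examples", "SqlFormatter", "<?php")


def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so double-encoded %252e%252e is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(method, uri, body="", status=None, response=""):
    """Return detection tags for one HTTP transaction (empty list = nothing seen)."""
    tags = []
    parts = urlsplit(uri)
    # match the module path even when PrestaShop lives under a sub-directory
    if not decode_fully(parts.path).endswith(TARGET_PATH):
        return tags
    query = parse_qs(parts.query)
    is_svg = "svg" in [v.lower() for v in query.get("type", [])]
    form = parse_qs(body, keep_blank_values=True)   # decodes one level of %XX
    if method.upper() == "POST" and is_svg and "file_name" in form:
        tags.append("cve-2023-27639-endpoint")
    # the PoC body carries the traversal in 'url', not 'file_name', so check every field
    for key, values in form.items():
        if any(TRAVERSAL_RE.search(decode_fully(v)) for v in values):
            tags.append(f"traversal-in-{key}")
    if status == 200 and any(marker in response for marker in LEAK_MARKERS):
        tags.append("php-source-leak")
    return tags


def scan(records):
    """Classify each record; return (record id, severity, tags) for anything flagged."""
    alerts = []
    for rec in records:
        tags = classify_request(rec["method"], rec["uri"], rec.get("body", ""),
                                rec.get("status"), rec.get("response", ""))
        if not tags:
            continue
        high = any(t.startswith("traversal-in-") or t == "php-source-leak" for t in tags)
        alerts.append((rec["id"], "high" if high else "info", tags))
    return alerts


# Constructed sample transactions (not real traffic); r1 uses the PoC body from the IOC list.
SAMPLE_RECORDS = [
    {"id": "r1", "method": "POST", "uri": "/tshirtecommerce/ajax.php?type=svg",
     "body": "url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php",
     "status": 200, "response": "<html><body><h1>SqlFormatter Examples</h1>"},
    {"id": "r2", "method": "POST", "uri": "/shop/tshirtecommerce/ajax.php?type=svg",
     "body": "file_name=..%252F..%252F..%252Fetc%252Fpasswd", "status": 200, "response": ""},
    {"id": "r3", "method": "POST", "uri": "/tshirtecommerce/ajax.php?type=svg",
     "body": "file_name=design_123.svg", "status": 200, "response": "<svg></svg>"},
    {"id": "r4", "method": "GET", "uri": "/index.php?controller=product", "status": 200},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(*alert)
```

Running it flags r1 (PoC request plus leaked page) and r2 (double-encoded traversal) as high, r3 as an informational hit on the vulnerable endpoint, and ignores r4. The "endpoint" tag on its own is deliberately low severity, since legitimate designer uploads also send file_name; the traversal and leak tags are what should page someone.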

CVSS provenance

NVD · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck · 7.5 HIGH