CVE-2023-27640
Published 2023-06-01
Priority: P2 · 77 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.57% (87.9th percentile)
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tshirtecommerce | custom_product_designer | <= 2.1.4 | — |
Detection & IOCs (extracted from sources)
- Look for HTTP requests (GET or POST) to /tshirtecommerce/fonts.php containing directory traversal sequences (e.g., ../) in the 'type' or 'name' parameters.
- Responses from a successful exploit will return base64-encoded file contents; detect responses with status 200, Content-Type text/html, and a base64-decoded body containing both 'PrestaShop' and '<?php'.
- Use the Google dork inurl:"/tshirtecommerce/" to identify potentially exposed PrestaShop instances running the vulnerable module.
- The content of traversed files is returned base64-encoded in the HTTP response body; monitor for anomalously large base64 blobs in responses from fonts.php.
- This vulnerability was actively exploited in the wild in March 2023; prioritize detection and patching for any PrestaShop instances with the tshirtecommerce module installed.
- The traversal is unrestricted by file extension or path, meaning any readable file on the server (not just PHP files) can be exfiltrated via the 'type' parameter.
- Both POST and GET parameters are exploitable for the traversal, so detection rules must cover both HTTP methods on the fonts.php endpoint.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |
GHSA
GHSA-w2hv-2pwp-7hww · unreviewed · 2023-06-01 · CVE-2023-27640 · HIGH · CWE-22
Description: identical to the NVD description above.
VulnCheck
tshirtecommerce custom_product_designer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2023 · CVSS 7.5 · HIGH · CVE-2023-27640
Description: identical to the NVD description above.
Affected: tshirtecommerce custom_product_designer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation Refere
No detection rules found.
Nuclei
PrestaShop tshirtecommerce - Directory Traversal
nuclei · CVSS 7.5 · HIGH · CVE-2023-27640
The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
Template (indexed excerpt):
```yaml
id: CVE-2023-27640

info:
  name: PrestaShop tshirtecommerce - Directory Traversal
  author: MaStErChO
  severity: high
  description: |
    The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
  impact: |
    Unauthenticated attackers can exploit directory traversal through the type parameter in fonts.php to read arbitrary
```
No writeups or analysis indexed.
Timeline
- 2023-06-01: Published
- Exploited in the wild (March 2023)