cbcvebase.
CVE-2023-30198
published 2023-06-12

CVE-2023-30198: Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
5.52%
91.8th percentile
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
webbaxwinbizpayment<= 1.0.2

Detection & IOCsextracted from sources · hover to see the quote

path/modules/winbizpayment/downloads/download.php
url/modules/winbizpayment/downloads/download.php
  • Monitor POST requests to /modules/winbizpayment/downloads/download.php, which is the vulnerable endpoint exploited for path traversal / improper access control.
  • Detect POST requests to the winbizpayment download endpoint containing an 'id_order' parameter, which is the mechanism used to trigger unauthorized file downloads.
  • Flag unauthenticated or session-less POST requests to /modules/winbizpayment/downloads/download.php — the vulnerability is an Incorrect Access Control flaw allowing unauthorized access without proper authentication checks.
  • ·The exploit targets winbizpayment module version 1.0.2 and below; versions above 1.0.2 may not be affected. Verify installed module version before applying detections.
  • ·The exploit PoC uses a CSRF token field in the POST body, but the vulnerability is an access control bypass — the CSRF token is not validated server-side, so detections should not rely on its presence or absence.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.