CVE-2023-39650
Published 2023-08-28
CVE-2023-39650: Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
Priority P261 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.63% (88.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themevolty | theme_volty_cms_blog | < 4.0.1 | 4.0.1 |
Detection & IOCs
- url: `/module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(10)))oqFL)--+yxoW`
- url: `/module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5484--+xhCs`
- url: `/module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post"+AND+5484=5485--+xhCs`
- Time-based blind SQLi detection: send payload with SLEEP(10) to /module/tvcmsblog/single via the `id` parameter; a response duration >= 10 seconds with HTTP 200 and body containing 'tvcmsblog' confirms exploitation.
- Boolean-based blind SQLi detection: true condition (5484=5484) returns HTTP 200 with 'tvcmsblog' in body; false condition (5484=5485) returns HTTP 302 redirect. Differing responses confirm injection.
- Pre-check for vulnerable host: confirm PrestaShop with tvcmsblog module present by checking response body for strings 'prestashop' or 'tvcmsblog' before launching SQLi probes.
- Shodan dork to identify exposed PrestaShop instances running the tvcmsblog module.
- Vulnerability affects tvcmsblog module versions up to and including 4.0.1; versions beyond 4.0.1 may be patched.
- The injection point is the `id` parameter in the GET request; no authentication is required, so exploitation is possible by unauthenticated guests.
- Time-based detection requires a 30-second HTTP timeout on the probe request to reliably observe the SLEEP(10) delay.
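A defender-side use of the notes above, as an added example that is not part of the original page or the Nuclei template: it scans web access logs for requests to `/module/tvcmsblog/single` whose query parameters break the expected value shape, and labels each hit with the time-based or boolean-based pattern described in the list. The log lines, the documentation IP addresses and the allowed value shapes are constructed assumptions; every parameter is checked, because the sample URLs append the payload after `page_type` while the advisory text names `id`.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/module/tvcmsblog/single"
# Assumption: legitimate value shapes, inferred from the sample URLs on this page.
EXPECTED = {"id": r"\d+", "id_currency": r"\d+", "page_type": r"[A-Za-z0-9_-]+"}
TIME_BASED = re.compile(r"\bsleep\s*\(", re.I)
BOOLEAN = re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/2023:10:00:01 +0000] "GET /module/tvcmsblog/single'
    '?SubmitCurrency=1&id=14&id_currency=2&page_type=post HTTP/1.1" 200 18234',
    '192.0.2.77 - - [28/Aug/2023:10:02:11 +0000] "GET /module/tvcmsblog/single'
    '?id=14&page_type=post%22+AND+5484=5484--+xhCs HTTP/1.1" 200 18234',
    '192.0.2.77 - - [28/Aug/2023:10:02:12 +0000] "GET /module/tvcmsblog/single'
    '?id=14&page_type=post%22+AND+5484=5485--+xhCs HTTP/1.1" 302 0',
    '192.0.2.77 - - [28/Aug/2023:10:02:30 +0000] "GET /module/tvcmsblog/single'
    '?id=14&page_type=post%22+AND+(SELECT+7826+FROM+(SELECT(SLEEP(10)))oqFL)--+yxoW'
    ' HTTP/1.1" 200 18234',
    '192.0.2.10 - - [28/Aug/2023:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 512',
]

def classify(value):
    """Name the probe style from this page's notes, or 'malformed' if neither."""
    if TIME_BASED.search(value):
        return "time-based"
    if BOOLEAN.search(value):
        return "boolean-based"
    return "malformed"

def scan(lines):
    """Return (line_no, status, param, kind) for each suspicious parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes values, so %22 and '+' are seen as '"' and ' '.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            kind = classify(value)
            shape = EXPECTED.get(name)
            if kind != "malformed" or (shape and not re.fullmatch(shape, value)):
                findings.append((n, int(m.group(2)), name, kind))
    return findings
```

A 200 and a 302 for near-identical flagged requests from one client, as in constructed lines 2 and 3, is the response split the boolean-based note describes and is worth alerting on as a pair.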
No detection rules found.
Nuclei
CVE-2023-39650 [CRITICAL] PrestaShop Theme Volty CMS Blog - SQL Injection
nuclei · CVSS 9.8
In the module 'Theme Volty CMS Blog' (tvcmsblog) from Theme Volty for PrestaShop, up to version 4.0.1, a guest can perform SQL injection.
Template:
```yaml
id: CVE-2023-39650

info:
  name: PrestaShop Theme Volty CMS Blog - SQL Injection
  author: mastercho
  severity: critical
  description: |
    In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access and data leakage.
  referen
```
No writeups or analysis indexed.
Published: 2023-08-28