CVE-2023-39677
published 2023-09-20CVE-2023-39677: MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability…
PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
30.81%
98.0th percentile
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myprestamodules | product_catalog_import | — | — |
| updateproducts_project | updateproducts | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET request to /modules/simpleimportproduct/send.php?phpinfo=1 or /modules/updateproducts/send.php?phpinfo=1 returning HTTP 200 with body containing both 'PHP Extension' and 'PHP Version' indicates successful exploitation of the phpinfo disclosure. ↗
- →Response body must contain both the strings 'PHP Extension' AND 'PHP Version' (condition: and) with HTTP status 200 to confirm phpinfo disclosure. ↗
- →Shodan queries 'http.component:"PrestaShop"' or 'http.component:"prestashop"' can be used to identify potentially vulnerable internet-facing PrestaShop instances. ↗
- →The vulnerability is unauthenticated (PR:N, UI:N) and network-accessible (AV:N), meaning no credentials or user interaction are required to trigger phpinfo disclosure. ↗
- →EPSS score of 0.77217 (98.97th percentile) indicates very high probability of exploitation in the wild; prioritize detection on PrestaShop instances running simpleimportproduct v6.2.9 or updateproducts v3.6.9. ↗
- ·Affected versions are specifically MyPrestaModules simpleimportproduct v6.2.9 and updateproducts v3.6.9; detections should be scoped to these versions to reduce false positives. ↗
- ·The Nuclei template uses a max-request of 2 (one per module path); both paths should be checked independently as only one module may be installed on a given target. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
PrestaShop MyPrestaModules - PhpInfo Disclosure
nuclei·CVSS 7.5
CVE-2023-39677 [HIGH] PrestaShop MyPrestaModules - PhpInfo Disclosure
PrestaShop MyPrestaModules - PhpInfo Disclosure
PrestaShop modules by MyPrestaModules expose PHPInfo
Template:
id: CVE-2023-39677
info:
name: PrestaShop MyPrestaModules - PhpInfo Disclosure
author: meme-lord
severity: high
description: |
PrestaShop modules by MyPrestaModules expose PHPInfo
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
An attacker can exploit this vulnerability to obtain sensitive information about the server configuration, potentially leading to further attacks.
reference:
- https://blog.sorcery.ie/posts/myprestamodules_phpinfo/
- https://cve.report/CVE-2023-39677
- https://myprestamodules.com/
- https://sorcery.ie
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-scor
No writeups or analysis indexed.
2023-09-20
Published