cbcvebase.
CVE-2023-39677
published 2023-09-20

CVE-2023-39677: MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability…

PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
30.81%
98.0th percentile
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

Affected

2 ranges
VendorProductVersion rangeFixed in
myprestamodulesproduct_catalog_import
updateproducts_projectupdateproducts

Detection & IOCsextracted from sources · hover to see the quote

url{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1
url{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1
path/modules/simpleimportproduct/send.php
path/modules/updateproducts/send.php
  • HTTP GET request to /modules/simpleimportproduct/send.php?phpinfo=1 or /modules/updateproducts/send.php?phpinfo=1 returning HTTP 200 with body containing both 'PHP Extension' and 'PHP Version' indicates successful exploitation of the phpinfo disclosure.
  • Response body must contain both the strings 'PHP Extension' AND 'PHP Version' (condition: and) with HTTP status 200 to confirm phpinfo disclosure.
  • Shodan queries 'http.component:"PrestaShop"' or 'http.component:"prestashop"' can be used to identify potentially vulnerable internet-facing PrestaShop instances.
  • The vulnerability is unauthenticated (PR:N, UI:N) and network-accessible (AV:N), meaning no credentials or user interaction are required to trigger phpinfo disclosure.
  • EPSS score of 0.77217 (98.97th percentile) indicates very high probability of exploitation in the wild; prioritize detection on PrestaShop instances running simpleimportproduct v6.2.9 or updateproducts v3.6.9.
  • ·Affected versions are specifically MyPrestaModules simpleimportproduct v6.2.9 and updateproducts v3.6.9; detections should be scoped to these versions to reduce false positives.
  • ·The Nuclei template uses a max-request of 2 (one per module path); both paths should be checked independently as only one module may be installed on a given target.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.