cvebase

Tshirtecommerce Custom Product Designer vulnerabilities

4 known vulnerabilities affecting tshirtecommerce/custom_product_designer.

Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 2

Vulnerabilities

CVE-2023-27637 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | v2.1.4 | 2023-03-22
CWE-89: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.
Source: nvd

CVE-2023-27638 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | v2.1.4 | 2023-03-22
CWE-89: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. Th
Source: nvd

CVE-2023-27639 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | ≤ 2.1.4 | 2023-06-01
CWE-22: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and
Source: nvd

CVE-2023-27640 | P2 | HIGH | CVSS 7.5 | Exploited | PoC | ≤ 2.1.4 | 2023-06-01
CWE-22: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The c
Source: nvd