Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 22/03/2023 Updated: 21/06/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

An issue exists in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tshirtecommerce custom product designer 2.1.4

CWE-89 https://codecanyon.net/item/prestashop-custom-product-designer/19202018 https://tshirtecommerce.com/https://friends-of-presta.github.io/security-advisories/module/2023/03/21/tshirtecommerce_cwe-89.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-27637

Vulnerability Summary

References

Vulmon Search

About

Products

Connect