PrestaShop `tshirtecommerce` Module - SQL Injection
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database.
References:
- https://security.friendsofpresta.org/module/2023/03/21/tshirtecommerce_cwe-89.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27637
- https://codecanyon.net/item/prestashop-custom-product-designer/19202018
- https://tshirtecommerce.com/
Remediation:
Update the tshirtecommerce module to the latest version and apply all security patches.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
9 days
Scan only one
Domain, Subdomain, IPv4
Toolbox