PrestaShop `tshirtecommerce` Module - SQL Injection

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

9 days

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database.

References:

https://security.friendsofpresta.org/module/2023/03/21/tshirtecommerce_cwe-89.html
https://nvd.nist.gov/vuln/detail/CVE-2023-27637
https://codecanyon.net/item/prestashop-custom-product-designer/19202018
https://tshirtecommerce.com/

Remediation:
Update the tshirtecommerce module to the latest version and apply all security patches.

Get started to protecting your digital assets

Start trial See the plans

PrestaShop `tshirtecommerce` Module - SQL Injection

Short Info

-

Detail

Category