PrestaShop `tshirtecommerce` Module - SQL Injection
Short Info:
- Level: Critical
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 9 days
- Scan only one: Domain, Subdomain, IPv4
- Toolbox: -
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database.
References:
- https://security.friendsofpresta.org/module/2023/03/21/tshirtecommerce_cwe-89.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27637
- https://codecanyon.net/item/prestashop-custom-product-designer/19202018
- https://tshirtecommerce.com/
Remediation:
Update the tshirtecommerce module to the latest version and apply all security patches.