Описание
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.
Ссылки
- Product
- ExploitPatchThird Party Advisory
- Product
- Product
- ExploitPatchThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tshirtecommerce:custom_product_designer:2.1.4:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 98%
0.58686
Средний
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.
EPSS
Процентиль: 98%
0.58686
Средний
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89