.. / CVE-2023-27639

Exploit for PrestaShop TshirteCommerce - Directory Traversal (CVE-2023-27639)

Description:

The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.

Nuclei Template

View the template here CVE-2023-27639.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-27639.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-27639
https://www.cvedetails.com/cve/CVE-2023-27639/
https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html