.. / CVE-2023-27640

Exploit for PrestaShop tshirtecommerce - Directory Traversal (CVE-2023-27640)

Description:

The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.

Nuclei Template

View the template here CVE-2023-27640.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-27640.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-27640
https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
https://www.cvedetails.com/cve/CVE-2023-27640/