id: CVE-2023-39677 info: name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: high description: | PrestaShop modules by MyPrestaModules expose PHPInfo reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ - https://cve.report/CVE-2023-39677 - https://myprestamodules.com/ - https://sorcery.ie classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-39677 epss-score: 0.00632 epss-percentile: 0.76747 cpe: cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:* metadata: verified: true max-request: 2 vendor: simpleimportproduct_project product: simpleimportproduct framework: prestashop shodan-query: http.component:"PrestaShop" tags: cve,cve2023,prestashop,phpinfo,disclosure http: - method: GET path: - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1" - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1" matchers-condition: and matchers: - type: word part: body words: - "PHP Extension" - "PHP Version" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '>PHP Version <\/td>