id: CVE-2023-39677 info: name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: high description: | PrestaShop modules by MyPrestaModules expose PHPInfo reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ - https://cve.report/CVE-2023-39677 - https://myprestamodules.com/ - https://sorcery.ie classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-39677 epss-score: 0.00632 epss-percentile: 0.76689 cpe: cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:* metadata: verified: true max-request: 2 vendor: simpleimportproduct_project product: simpleimportproduct framework: prestashop shodan-query: http.component:"PrestaShop" tags: cve,cve2023,prestashop,phpinfo,disclosure,simpleimportproduct_project http: - method: GET path: - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1" - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1" matchers-condition: and matchers: - type: word part: body words: - "PHP Extension" - "PHP Version" condition: and - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' # digest: 490a0046304402205aee581ca70de7e6dbb2aaccee1b3ba9c512be2621623b60b39c5f52b45085c602204841a558df7bd1eb8ef0d2e3d64d519e10d45cb7bcb3d050aa84fbaa3a1e8d84:922c64590222798bb761d5b6d8e72950