2 matches found
tshirtecommerce PrestaShop Module - SQL Injection
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the tshirtecommercedesigncartid parameter, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. This is due to lack of input sanitization, as shown in t...
PT-2023-21272 · Prestashop · Tshirtecommerce
Name of the Vulnerable Software and Affected Versions: tshirtecommerce aka Custom Product Designer component version 2.1.4 for PrestaShop Description: An issue was discovered in the tshirtecommerce component, where an HTTP request can be forged with a compromised product id GET parameter to explo...