Lucene search

K
TshirtecommerceCustom Product Designer

4 matches found

CVE
CVE
added 2023/06/01 9:15 p.m.60 views

CVE-2023-27640

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

7.5CVSS7.5AI score0.76832EPSS
CVE
CVE
added 2023/03/22 1:15 p.m.55 views

CVE-2023-27638

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomiz...

9.8CVSS9.6AI score0.4973EPSS
CVE
CVE
added 2023/06/01 9:15 p.m.48 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order t...

7.5CVSS7.5AI score0.76832EPSS
CVE
CVE
added 2023/03/22 1:15 p.m.41 views

CVE-2023-27637

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injec...

9.8CVSS9.6AI score0.4973EPSS