CVE-2023-39677

HIGH NUCLEI

Simpleimportproduct - Information Disclosure

Title source: rule

Description

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

Nuclei Templates (1)

PrestaShop MyPrestaModules - PhpInfo Disclosure

HIGHVERIFIEDby meme-lord

Shodan: http.component:"PrestaShop" || http.component:"prestashop"

References (3)

[Exploit, Third Party Advisory] https://blog.sorcery.ie/posts/myprestamodules_phpinfo/

[Product] https://myprestamodules.com/

[Not Applicable] https://sorcery.ie

Scores

CVSS v3 7.5

EPSS 0.7722

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (3)

myprestamodules/product_catalog_\(csv\,_excel\)_import 6.2.9

simpleimportproduct_project/simpleimportproduct 6.2.9

updateproducts_project/updateproducts 3.6.9

Published Sep 20, 2023

Tracked Since Feb 18, 2026