CVE-2023-39677

Published: Sep 20, 2023Modified: Feb 18, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

Affected (2)

Products: Myprestamodules: Product Catalog (csv, Excel) Import · Updateproducts Project: Updateproducts

Myprestamodules

1 product

Product Catalog (csv, Excel) Import

Updateproducts Project

1 product

Updateproducts

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Myprestamodules Product Catalog (csv, Excel) Import	Version 6.2.9
Updateproducts Project Updateproducts	Version 3.6.9

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://blog.sorcery.ie/posts/myprestamodules_phpinfo/

Source: cve@mitre.org

ExploitThird Party Advisory

https://myprestamodules.com/

Source: cve@mitre.org

Product

https://sorcery.ie

Source: cve@mitre.org

Not Applicable

https://blog.sorcery.ie/posts/myprestamodules_phpinfo/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://myprestamodules.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://sorcery.ie

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.