Critical severity9.8NVD Advisory· Published Mar 22, 2023· Updated Jun 17, 2026
CVE-2023-27638
CVE-2023-27638
Description
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- tshirtecommerce/Custom Product Designerdescription
- Range: = 2.1.4
Patches
Vulnerability mechanics
References
3- friends-of-presta.github.io/security-advisories/module/2023/03/21/tshirtecommerce_cwe-89.htmlnvdExploitPatchThird Party Advisory
- codecanyon.net/item/prestashop-custom-product-designer/19202018nvdProduct
- tshirtecommerce.comnvdProduct
News mentions
0No linked articles in our index yet.