CVE-2023-39677

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to access PHP configuration information via the send.php file in affected Prestashop modules. It exposes sensitive server details like environment variables, configuration settings, and system paths. All websites using MyPrestaModules v6.2.9 or UpdateProducts v3.6.9 are affected.

💻 Affected Systems

Products:
  • MyPrestaModules Prestashop Module
  • UpdateProducts Prestashop Module
Versions: v6.2.9 and v3.6.9 respectively
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Prestashop installations using these specific module versions. The vulnerability is in the send.php file included with these modules.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain complete PHP configuration including database credentials, API keys, and server paths, leading to full system compromise through follow-up attacks.

🟠 Likely Case

Attackers gather reconnaissance data about server configuration, PHP settings, and installed modules to plan targeted attacks.

🟢 If Mitigated

Information disclosure limited to non-sensitive PHP settings if proper access controls and file permissions are implemented.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is typically internet-accessible and requires no authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gather system information for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only accessing the vulnerable send.php URL. No special tools or skills needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest versions from MyPrestaModules

Vendor Advisory: https://myprestamodules.com/

Restart Required: No

Instructions:

1. Log into Prestashop admin panel
2. Navigate to Modules > Module Manager
3. Check for updates to MyPrestaModules and UpdateProducts modules
4. Update to latest versions
5. Clear Prestashop cache

🔧 Temporary Workarounds

Remove send.php file (platform: linux)

Delete or rename the vulnerable send.php file to prevent access

rm modules/myprestamodules/send.php
rm modules/updateproducts/send.php

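Restrict access via .htaccess (platform: all)

Block access to send.php files using web server configuration

<Files "send.php">
  # Apache 2.2 syntax (Apache 2.4 accepts it only with mod_access_compat loaded)
  Order Allow,Deny
  Deny from all
  # Apache 2.4 equivalent: Require all denied
</Files>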

🧯 If You Can't Patch

  • Implement web application firewall rules to block requests to send.php
  • Restrict module directory permissions to prevent unauthorized file access

🔍 How to Verify

Check if Vulnerable:

Access http://your-site.com/modules/myprestamodules/send.php or http://your-site.com/modules/updateproducts/send.php. If PHP configuration information is displayed, the system is vulnerable.

Check Version:

Check module versions in Prestashop admin panel under Modules > Module Manager

Verify Fix Applied:

Attempt to access the send.php URLs after patching. You should receive a 404 error or access denied message instead of PHP information.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /modules/*/send.php
  • Unusual access to module directories

Network Indicators:

  • GET requests to send.php endpoints
  • Traffic patterns showing reconnaissance activity

SIEM Query:

source="web_access_logs" AND uri="/modules/*/send.php"
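
The log indicators above, turned into a small triage script as an added example (not part of the original advisory or the vendor's code): it scans Combined Log Format lines for requests to /modules/*/send.php and marks those answered with a 2xx status, meaning the file was actually served. The log format, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote
from collections import defaultdict

# Combined Log Format: ip - user [time] "METHOD uri PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Mirrors the /modules/*/send.php indicator: one directory under /modules/,
# case-insensitive, with or without a query string.
SEND_RE = re.compile(r'^/modules/[^/?]+/send\.php(?:\?.*)?$', re.IGNORECASE)

def find_send_php_hits(lines):
    """Return one dict per request to a module send.php, with an 'exposed' flag."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Decode percent-encoding first so send%2ephp is not missed.
        if not m or not SEND_RE.match(unquote(m["uri"])):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "time": m["time"], "uri": m["uri"], "status": status,
            # 2xx means the file was served; 403/404 means the workaround
            # or the update was in effect for that request.
            "exposed": 200 <= status < 300,
        })
    return hits

def summarize(hits):
    """Group hits by client IP: total requests and how many were served."""
    out = defaultdict(lambda: {"requests": 0, "exposed": 0})
    for h in hits:
        out[h["ip"]]["requests"] += 1
        out[h["ip"]]["exposed"] += h["exposed"]
    return dict(out)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2023:10:01:02 +0000] "GET /modules/updateproducts/send.php HTTP/1.1" 200 84211 "-" "-"',
    '203.0.113.7 - - [10/Sep/2023:10:01:03 +0000] "GET /modules/myprestamodules/send.php HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.23 - - [10/Sep/2023:11:15:40 +0000] "GET /modules/updateproducts/send.php?x=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [10/Sep/2023:11:16:00 +0000] "GET /modules/ps_shoppingcart/ps_shoppingcart.js HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.23 - - [10/Sep/2023:11:17:05 +0000] "GET /modules/updateproducts/send%2ephp HTTP/1.1" 200 84190 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(find_send_php_hits(SAMPLE_LOG)))
```

Any hit with exposed set to True predates or bypasses the fix and is the entry to review first; hits with 403 or 404 still show who probed for the file.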
