In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2023-11-17T00:00:00
Updated: 2024-08-12T14:07:50.551Z
Reserved: 2023-10-09T00:00:00
Link: CVE-2023-45382

Updated: 2024-08-02T20:21:16.563Z

Status : Modified
Published: 2023-11-17T02:15:26.387
Modified: 2024-11-21T08:26:52.033
Link: CVE-2023-45382

No data.