In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-17T00:00:00
Updated: 2024-08-12T14:07:50.551Z
Reserved: 2023-10-09T00:00:00
Link: CVE-2023-45382
Vulnrichment
Updated: 2024-08-02T20:21:16.563Z
NVD
Status : Modified
Published: 2023-11-17T02:15:26.387
Modified: 2024-08-12T14:35:01.743
Link: CVE-2023-45382
Redhat
No data.