CVE-2023-45382 Information

Description

In the module \SoNice Retour\ (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction a guest can perform a path traversal to view all files on the information system.

Reference

https://common-services.com/fr/home-fr/ https://security.friendsofpresta.org/modules/2023/11/16/sonice_retour.html