CVE-2023-45383 Information

Description

In the module \SoNice etiquetage\ (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction a guest can perform a path traversal to view all files on the information system.

Reference

https://common-services.com/fr/home-fr/ https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html