CVE-2023-46346 Information

Description

In the module \Product Catalog (CSV Excel XML) Export PRO\ (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction a guest can perform a path traversal to view all files on the information system.

Reference

https://security.friendsofpresta.org/modules/2023/10/24/exportproducts.html