Описание
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
Ссылки
- Product
- PatchThird Party Advisory
- Product
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
EPSS
7.5 High
CVSS3