PT-2023-29540 · Prestashop+1 · Sonice Etiquetage Module+1

Published: 2023-10-18 · Updated: 2024-09-13 · CVE-2023-45383

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SoNice etiquetage module for PrestaShop versions up to 2.5.9

Description

A guest can perform a path traversal attack to download personal information without restriction, because the module lacks permission checks and does not control how the path name is constructed. This allows a guest to view all files on the information system.

Recommendations

For versions up to 2.5.9, consider disabling the SoNice etiquetage module until a patch is available to prevent path traversal attacks. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the module for handling personal information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2023-45383

Affected Products: Prestashop, Sonice Etiquetage Module