CVE-2023-46346

Name of the Vulnerable Software and Affected Versions Product Catalog (CSV, Excel, XML) Export PRO versions up to 4.1.1

Description A path traversal attack can be performed by a guest to download personal information without restriction. This is due to a lack of permissions control and a lack of control in the path name construction, allowing a guest to view all files on the information system.

Recommendations For versions up to 4.1.1, consider disabling the module "Product Catalog (CSV, Excel, XML) Export PRO" until a patch is available to prevent path traversal attacks. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.