CVE-2024-25840

Name of the Vulnerable Software and Affected Versions PrestaShop module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) versions up to 9.0

Description A guest can download personal information without restriction by performing a path traversal attack in the affected module.

Recommendations For versions up to 9.0, consider restricting access to the module until a patch is available to prevent unauthorized downloads of personal information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.