CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-45383

In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.0%

CVSS Severity

CVSS v3 Score 7.5

References

https://common-services.com/fr/home-fr/
https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html
https://common-services.com/fr/home-fr/
https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html

Products affected by CVE-2023-45383

Common-Services » Sonice Etiquetage » Version: N/A

cpe:2.3:a:common-services:sonice_etiquetage:-
Common-Services » Sonice Etiquetage » Version: 2.5.9

cpe:2.3:a:common-services:sonice_etiquetage:2.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45383

Products

Pricing

Contact Us