CVE-2023-45382
HIGHSoNice Retour < 2.1.0 - Unauthenticated Path Traversal and Arbitrary File Read
Title source: llmDescription
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
References (2)
Core 2
Core References
Third Party Advisory
https://security.friendsofpresta.org/modules/2023/11/16/sonice_retour.html
Scores
CVSS v3
7.5
EPSS
0.0076
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
common-services/sonice_retour
< 2.1.0
Published
Nov 17, 2023
Tracked Since
Feb 18, 2026