CVE-2023-45383

HIGH

SoNice Etiquetage < 2.5.9 - Unauthenticated Path Traversal

Title source: llm

Description

In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

References (2)

Core 2

Core References

Product

https://common-services.com/fr/home-fr/

Patch, Third Party Advisory

https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html

Scores

CVSS v3 7.5

EPSS 0.0058

EPSS Percentile 43.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

common-services/sonice_etiquetage < 2.5.9

Published Oct 18, 2023

Tracked Since Feb 18, 2026