vendor:
Winbiz Payment module
by:
Amirhossein Bahramizadeh
N/A
CVSS
MEDIUM
Improper Limitation of a Pathname to a Restricted Directory
22
CWE
Product Name: Winbiz Payment module
Affected Version From: 17.1.2003
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2023-30198
CPE: a:prestashop:winbiz_payment_module
Platforms Tested: Windows, Linux
2023
PrestaShop Winbiz Payment module – Improper Limitation of a Pathname to a Restricted Directory
The PrestaShop Winbiz Payment module is vulnerable to an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This vulnerability allows an attacker to download arbitrary files from the server.
Mitigation:
Update to the latest version of the PrestaShop Winbiz Payment module to fix this vulnerability. Additionally, restrict access to the vulnerable file and directory to prevent unauthorized access.