In the module “Account Manager | Sales Representative & Dealers | CRM” (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
[
{
"cpes": [
"cpe:2.3:a:prestaworld:prestasalesmanager:*:*:*:*:*:*:*:*"
],
"vendor": "prestaworld",
"product": "prestasalesmanager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "9.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]