CVE-2023-30198: Path Traversal
First published: Mon Jun 12 2023(Updated: )
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webbax Winbizpayment | <=1.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/173136/PrestaShop-Winbiz-Payment-Improper-Limitation.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/06/08/winbizpayment.html
- https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247
- https://packetstorm.news/files/id/173136
Frequently Asked Questions
What is CVE-2023-30198?
CVE-2023-30198 is a vulnerability in Prestashop winbizpayment <= 1.0.2 that allows incorrect access control via modules/winbizpayment/downloads/download.php.
How severe is CVE-2023-30198?
The severity of CVE-2023-30198 is rated as high with a CVSS score of 7.5.
What software is affected by CVE-2023-30198?
Prestashop winbizpayment version 1.0.2 and below are affected by CVE-2023-30198.
How can I fix CVE-2023-30198?
To fix CVE-2023-30198, update to a version of winbizpayment that is higher than 1.0.2.
Where can I find more information about CVE-2023-30198?
More information about CVE-2023-30198 can be found at the following references: [1] [2] [3].
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/references
- agent/tags
- agent/source
- vendor/webbax
- canonical/webbax winbizpayment
- version/webbax winbizpayment/1.0.2