Published: 12/06/2023 Updated: 27/06/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webbax winbizpayment

# Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory # Date: 2023-06-20 # Dork: /modules/winbizpayment/downloads/downloadphp # country: Iran # Exploit Author: Amirhossein Bahramizadeh # Category : webapps # Vendor Homepage: shopwebbaxch/modules-pour-winbiz/153-module-prestashop-w ...

PrestaShop Winbiz Payment module suffers from an improper limitation of a Pathname to a restricted directory ...

CWE-22 https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247 https://friends-of-presta.github.io/security-advisories/modules/2023/06/08/winbizpayment.html http://packetstormsecurity.com/files/173136/PrestaShop-Winbiz-Payment-Improper-Limitation.html https://nvd.nist.gov https://www.exploit-db.com/exploits/51545

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-30198

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect