exploitDog

GHSA-6m2f-83vf-p7fj

Опубликовано: 08 мая 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Ссылки

EPSS

Процентиль: 30%

0.00114

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2024-6648

CVSS3: 7.5

nvd

9 месяцев назад

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

EPSS

Процентиль: 30%

0.00114

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22