Описание
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.3 (включая)
cpe:2.3:a:prestashop:m4_pdf:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 46%
0.00236
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.
EPSS
Процентиль: 46%
0.00236
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
CWE-22