exploitDog

CVE-2024-6648

Опубликовано: 08 мая 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-ap-page-builder
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apollotheme:ap_pagebuilder:*:*:*:*:*:prestashop:*:*

Версия до 4.0.0 (исключая)

EPSS

Процентиль: 30%

0.00114

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-6m2f-83vf-p7fj

CVSS3: 7.5

github

9 месяцев назад

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

EPSS

Процентиль: 30%

0.00114

Низкий

7.5 High

CVSS3

Дефекты

CWE-22