appagebuilder - PrestaShop module vulnerability (CVE-2024-6648)
Module
appagebuilder
Score
7.5 High
Publication date
08-05-2025
Affected versions
- Less than 4.0.0
Description
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.
Metrics
| cvssMetricV40 | |
|---|---|
| source | cve-coordination@incibe.es |
| type | Secondary |
| version | 4.0 |
| vectorString | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| baseScore | 8.7 |
| baseSeverity | HIGH |
| attackVector | NETWORK |
| attackComplexity | LOW |
| attackRequirements | NONE |
| privilegesRequired | NONE |
| userInteraction | NONE |
| vulnConfidentialityImpact | HIGH |
| vulnIntegrityImpact | NONE |
| vulnAvailabilityImpact | NONE |
| subConfidentialityImpact | NONE |
| subIntegrityImpact | NONE |
| subAvailabilityImpact | NONE |
| exploitMaturity | NOT_DEFINED |
| confidentialityRequirement | NOT_DEFINED |
| integrityRequirement | NOT_DEFINED |
| availabilityRequirement | NOT_DEFINED |
| modifiedAttackVector | NOT_DEFINED |
| modifiedAttackComplexity | NOT_DEFINED |
| modifiedAttackRequirements | NOT_DEFINED |
| modifiedPrivilegesRequired | NOT_DEFINED |
| modifiedUserInteraction | NOT_DEFINED |
| modifiedVulnConfidentialityImpact | NOT_DEFINED |
| modifiedVulnIntegrityImpact | NOT_DEFINED |
| modifiedVulnAvailabilityImpact | NOT_DEFINED |
| modifiedSubConfidentialityImpact | NOT_DEFINED |
| modifiedSubIntegrityImpact | NOT_DEFINED |
| modifiedSubAvailabilityImpact | NOT_DEFINED |
| Safety | NOT_DEFINED |
| Automatable | NOT_DEFINED |
| Recovery | NOT_DEFINED |
| valueDensity | NOT_DEFINED |
| vulnerabilityResponseEffort | NOT_DEFINED |
| providerUrgency | NOT_DEFINED |

| cvssMetricV31 | |
|---|---|
| source | nvd@nist.gov |
| type | Primary |
| version | 3.1 |
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| baseScore | 7.5 |
| baseSeverity | HIGH |
| attackVector | NETWORK |
| attackComplexity | LOW |
| privilegesRequired | NONE |
| userInteraction | NONE |
| scope | UNCHANGED |
| confidentialityImpact | HIGH |
| integrityImpact | NONE |
| availabilityImpact | NONE |
| exploitabilityScore | 3.9 |
| impactScore | 3.6 |
