CVE-2022-45447
Published: 20 September 2023
Summary
CVE-2022-45447 is a medium-severity Path Traversal (CWE-22) vulnerability in Prestashop M4 Pdf. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 46.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-48315
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that…
more
exploits this vulnerability could download /etc/passwd from the server if the file exists.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.