Security Advisory

CVE-2022-45447

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-20 09:30:09

Last updated 2024-09-06 14:12:13

Assigner INCIBE

State PUBLISHED

Description

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.

← Browse all CVEs View on cve.org ↗