Lucene search

Veracode Vulnerability DatabaseVERACODE:45534

HistoryFeb 20, 2024 - 6:11 a.m.

Path Traversal

2024-02-2006:11:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

prestashop

path traversal

frontcontroller

sensitive information disclosure

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

PrestaShop is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation in the getTemplateVarUrls function within FrontController.php. This can potentially lead to sensitive information disclosure.

CPENameOperatorVersion
prestashop/prestashople8.1.3
prestashop/prestashople8.1.3

CPE	Name	Operator	Version
	prestashop/prestashop	le	8.1.3
	prestashop/prestashop	le	8.1.3

References

github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5

github.com/PrestaShop/PrestaShop/releases/tag/8.1.4

github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr

owasp.org/www-community/attacks/Full_Path_Disclosure

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:45534