CVE-2022-45447

Name of the Vulnerable Software and Affected Versions M4 PDF plugin for Prestashop sites versions 3.2.3 and before

Description The issue is related to a directory traversal vulnerability. The f parameter is not properly checked in the resource "/m4pdf/pdf.php", allowing an attacker to download any file given its relative path. This could potentially enable an attacker to access sensitive files, such as "/etc/passwd", if they exist on the server.

Recommendations For versions 3.2.3 and before, consider disabling the "/m4pdf/pdf.php" resource or restricting access to it until a patch is available. Additionally, avoid using the f parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.