Headline
CVE-2022-45447: Multiple Vulnerabilities in M4 PDF Plugin for Prestashop Sites | INCIBE-CERT
The M4 PDF plugin for Prestashop sites, in version 3.2.3 and earlier, is vulnerable to directory traversal. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, which returns any file given its relative path. An attacker who exploits this vulnerability could download /etc/passwd from the server if the file exists.
Affected Resources
- M4 PDF plugin for Prestashop sites, version 3.2.3 and earlier.
Description
INCIBE has coordinated the publication of 2 vulnerabilities in the M4 PDF plugin for Prestashop sites, which were discovered by Francisco Díaz-Pache Alonso, David Álvarez Robles and Sergio Corral Cristo, members of Alisec Soluciones S.L Offensive Security Team.
These vulnerabilities have been assigned the following codes:
- CVE-2022-45447. A CVSS v3.1 base score of 6.5 has been calculated: the CVSS vector string is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability type is CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’).
- CVE-2022-45448. A CVSS v3.1 base score of 3.5 has been calculated: the CVSS vector string is AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N. The vulnerability type is CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).
Solution
There is still no solution for the reported vulnerabilities.
Detail
- CVE-2022-45447: The M4 PDF plugin for Prestashop sites, in version 3.2.3 and earlier, is vulnerable to directory traversal. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, which returns any file given its relative path. An attacker who exploits this vulnerability could download /etc/passwd from the server if the file exists.
- CVE-2022-45448: The M4 PDF plugin for Prestashop sites, in version 3.2.3 and earlier, is vulnerable to arbitrary HTML document crafting. The resource /m4pdf/pdf.php uses templates to dynamically create documents. If the template does not exist, the application returns a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.
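With no fix available, reviewing web server access logs for requests to /m4pdf/pdf.php whose “f” value leaves the intended directory is one way to spot attempts against CVE-2022-45447. The Python below is an added example, not part of the advisory or of the plugin's code; it assumes combined-format access logs, and the sample log lines and the `invoice.tpl` file name are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined format); not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2022:10:01:02 +0000] "GET /m4pdf/pdf.php?f=invoice.tpl HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2022:10:02:11 +0000] "GET /m4pdf/pdf.php?f=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.85.0"
203.0.113.9 - - [10/Dec/2022:10:02:15 +0000] "GET /m4pdf/pdf.php?f=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "curl/7.85.0"
203.0.113.9 - - [10/Dec/2022:10:02:20 +0000] "GET /m4pdf/pdf.php?f=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "curl/7.85.0"
198.51.100.4 - - [10/Dec/2022:10:03:00 +0000] "GET /index.php?f=../x HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if the value is absolute or contains a '..' path segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")


def find_suspicious(log_text):
    """Return (client, status, decoded f value) for flagged pdf.php requests."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/m4pdf/pdf.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("f", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Flagged requests that received a 200 response deserve priority, since the server returned content for them.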
If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE assignment and publication.