CVE-2022-46158

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
References () https://github.com/PrestaShop/PrestaShop/commit/8684d429fb7c3bb51efb098e8b92a1fd2958f8cf - Patch, Third Party Advisory () https://github.com/PrestaShop/PrestaShop/commit/8684d429fb7c3bb51efb098e8b92a1fd2958f8cf - Patch, Third Party Advisory
References () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-9qgp-9wwc-v29r - Third Party Advisory () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-9qgp-9wwc-v29r - Third Party Advisory
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.3

07 Jul 2023, 19:02

Type Values Removed Values Added
CWE CWE-200 CWE-862

Information

Published : 2022-12-08 22:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46158

Mitre link : CVE-2022-46158

CVE.ORG link : CVE-2022-46158


JSON object : View

Products Affected

prestashop

  • prestashop
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-862

Missing Authorization