M4 Pdf Security Vulnerabilities and Issues — M4 Pdf CVE List

Lucene search

PrestashopM4 Pdf

3 matches found

CVE•added 2024/06/24 11:15 p.m.•34 views

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.

10CVSS8AI score0.00199EPSS

CVE•added 2023/09/20 1:15 p.m.•29 views

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed docu...

6.1CVSS4.7AI score0.00063EPSS

CVE•added 2023/09/20 10:15 a.m.•24 views

CVE-2022-45447

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could downloa...

6.5CVSS6.4AI score0.00236EPSS