CVE-2022-46158

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-46158

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46158.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-46158

Aliases

GHSA-9qgp-9wwc-v29r

Published

2022-12-08T21:50:44.155Z

Modified

2026-04-10T04:52:35.791486Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Potential Information exposure in the upload directory in PrestaShop

Details

PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46158.json"
}

References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type: GIT
Repo: https://github.com/prestashop/prestashop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

573839a859c92675af2d5482a3618426efad6ca1

Affected versions

1.*

1.6.0.1

1.6.0.3

1.6.1.0

1.7.0.0-beta.1.0

1.7.0.0-beta.2.0

1.7.0.0-beta.4.0

1.7.0.0-rc.0.0

1.7.8.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46158.json"