First published: Thu Dec 08 2022
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | <1.7.8.8 | |
CVE-2022-46158 is a vulnerability in PrestaShop, an open-source e-commerce solution, that allows users to view the contents of the upload directory without appropriate permissions.
CVE-2022-46158 has a severity value of 4.3, which is considered medium.
To fix CVE-2022-46158, users are advised to upgrade PrestaShop to version 1.7.8.8 or later.
More information about CVE-2022-46158 can be found in the following references: [GitHub Commit](https://github.com/PrestaShop/PrestaShop/commit/8684d429fb7c3bb51efb098e8b92a1fd2958f8cf) and [GitHub Security Advisory](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-9qgp-9wwc-v29r).
CVE-2022-46158 is associated with CWE-862 (Missing Authorization) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).