Vulnerability Details CVE-2024-6648
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-6648
-
cpe:2.3:a:apollotheme:ap_pagebuilder:-
-
cpe:2.3:a:apollotheme:ap_pagebuilder:2.4.4
-
cpe:2.3:a:apollotheme:ap_pagebuilder:2.4.5