Apollotheme Ap Pagebuilder vulnerabilities
3 known vulnerabilities affecting apollotheme/ap_pagebuilder.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-22897P1CRITICALCVSS 9.8ExploitedPoC≤ 2.4.52022-08-29
CVE-2022-22897 [CRITICAL] CWE-89 CVE-2022-22897: A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloT
A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
nvd
CVE-2024-6648P1HIGHCVSS 7.5ExploitedPoCfixed in 4.0.02025-05-08
CVE-2024-6648 [HIGH] CWE-22 CVE-2024-6648: Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unau
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.
nvd
CVE-2022-44897P4MEDIUMCVSS 6.1≤ 2.4.42023-01-31
CVE-2022-44897 [MEDIUM] CWE-79 CVE-2022-44897: A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 all
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.
nvd