CVE-2022-45447 in M4 PDF Plugin
Summary
by MITRE • 09/20/2023
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.
Analysis
by VulDB Data Team • 09/20/2023
CVE-2022-45447 affects the M4 PDF plugin for Prestashop, versions 3.2.3 and earlier, with a critical directory traversal flaw that undermines the security posture of affected e-commerce systems. The flaw lies in the resource /m4pdf/pdf.php, where the "f" parameter receives insufficient validation, so a crafted request can read files it should never reach. It is a classic path traversal: by supplying a relative path in the file parameter, an attacker retrieves arbitrary files from the server's file system.
The root cause is improper input sanitization and validation in the plugin's file-handling code. The "f" parameter reaches the pdf.php endpoint without adequate filtering or canonicalization, so the user-supplied path is used as given and directory traversal sequences such as "../" let a request walk up the file system hierarchy. The weakness is CWE-22, Improper Limitation of a Pathname to a Restricted Directory (path traversal). It operates at the application layer, bypassing the web application's own file-access controls and potentially exposing sensitive system files.
The operational impact goes beyond simple information disclosure, because the attacker can read critical system files including /etc/passwd, which contains user account information and password hashes. That access can support further exploitation such as privilege escalation, credential harvesting, or the discovery of additional system vulnerabilities. The attack vector is particularly concerning for e-commerce sites running Prestashop, since these systems often hold sensitive customer data, payment information, and business-critical files that this vulnerability can expose. Exposure of system files like /etc/passwd also gives attackers useful input for crafting more targeted attacks against the affected systems.
Organizations should mitigate immediately by applying the vendor-supplied patch or upgrading to a version that resolves the directory traversal, and by deploying a web application firewall that detects and blocks path traversal attempts. Input validation should be strengthened so that every file parameter is sanitized and canonicalized before it is used. The principle of least privilege should be enforced by restricting the web application's file system permissions, and regular security assessments should look for similar weaknesses in other components of the application stack. The vulnerability illustrates how essential proper input validation is, and what inadequate controls cost in web applications that handle sensitive data in e-commerce environments. The ATT&CK framework maps this vulnerability to T1083 (File and Directory Discovery) and T1566 (Phishing), as it lets attackers gather information about the target system and potentially use it for further attacks.
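The two controls the analysis calls for, shown as an added example rather than the plugin's own code: a canonicalize-then-prefix-check that confines the "f" parameter to a base directory, and a detection rule that flags traversal attempts against /m4pdf/pdf.php in access-log lines. The base directory, the function names and the log lines are assumptions constructed for the example.

```python
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Directory pdf.php is meant to serve from (assumed; not the plugin's real layout).
PDF_BASE = "/var/www/prestashop/modules/m4pdf/files"


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical path for base_dir + user_path, or None if it escapes base_dir.

    Rejects null bytes and absolute paths up front, then canonicalizes (collapsing
    '..' and symlinks) and requires the result to stay inside the canonical base.
    """
    if "\x00" in user_path or os.path.isabs(user_path):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        # commonpath is segment-aware: "/srv/pdf" does not match "/srv/pdf-old".
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate


# Matches the request line inside a combined-format access-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_traversal_request(log_line: str) -> bool:
    """True if the entry sends a '..' path segment in pdf.php's 'f' parameter."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/m4pdf/pdf.php"):
        return False
    for value in parse_qs(url.query, keep_blank_values=True).get("f", []):
        decoded = unquote(value)  # second decode pass catches double-encoded %252e
        if ".." in decoded.replace("\\", "/").split("/"):
            return True
    return False


# Constructed sample log lines: one normal request, two traversal attempts.
LOG_LINES: List[str] = [
    '203.0.113.5 - - [20/Sep/2023:10:01:02 +0000] "GET /m4pdf/pdf.php?f=invoices/order-1.pdf HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/Sep/2023:10:01:09 +0000] "GET /m4pdf/pdf.php?f=../../../../../../etc/passwd HTTP/1.1" 200 2341',
    '203.0.113.5 - - [20/Sep/2023:10:01:15 +0000] "GET /m4pdf/pdf.php?f=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 2341',
]
```

Note that `os.path.realpath` also follows symlinks, so a symlink inside the base directory that points outside it is rejected as well.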