Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6648

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Published

2025-05-08T13:15:50.657

Last Modified

2025-05-13T18:28:07.253

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apollotheme	ap_pagebuilder	< 4.0.0	Yes

References

https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-ap-page-builder Third Party Advisory ([email protected])