CVE-2024-6648

HIGH

AP Page Builder <4.0.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6648. PoCs published by n0d0n.

AI-analyzed exploit summary This repository provides a Nuclei template for detecting CVE-2024-6648, an absolute path traversal vulnerability in the Prestashop ApPage Builder plugin. The template is designed to scan target URLs for the presence of this vulnerability.

Description

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Exploits (1)

nomisec SCANNER

by n0d0n · poc

https://github.com/n0d0n/CVE-2024-6648

View Code ZIP pw:eip

This repository provides a Nuclei template for detecting CVE-2024-6648, an absolute path traversal vulnerability in the Prestashop ApPage Builder plugin. The template is designed to scan target URLs for the presence of this vulnerability.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Prestashop ApPage Builder plugin

No auth needed

Prerequisites: Nuclei installed · Target URL with Prestashop ApPage Builder plugin

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-ap-page-builder

Scores

CVSS v3 7.5

EPSS 0.0056

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

apollotheme/ap_pagebuilder < 4.0.0

Published May 08, 2025

Tracked Since Feb 18, 2026