Lucene search

K
githubGitHub Advisory DatabaseGHSA-WJPV-FRF2-3R58
HistorySep 28, 2022 - 12:00 a.m.

EC-CUBE Directory traversal vulnerability

2022-09-2800:00:16
CWE-22
GitHub Advisory Database
github.com
4

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.5%

Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product’s directory structure information.

Affected configurations

Vulners
Node
ec-cubeec-cubeRange4.1.2
OR
ec-cubeec-cubeRange3.0.18-p4

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.5%

Related for GHSA-WJPV-FRF2-3R58