logo
DATABASE RESOURCES PRICING ABOUT US

JVN#77458946: EC-CUBE vulnerable to directory traversal

Description

EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability (CWE-22). ## Impact A user who can login to the management screen of the product may delete arbitrary files and/or directories on the server. ## Solution **Update the Software** The update for EC-CUBE 4 is available. Update the software to the latest version according to the information provided by the developer. The update for EC-CUBE 3 is not provided but the patch is available instead. **Apply the Patch** Patches for EC-CUBE 3 and EC-CUBE 4 are available. For more information, refer to the information provided by the developer. ## Products Affected * EC-CUBE 3.0.0 to 3.0.18 * EC-CUBE 4.0.0 to 4.0.3


Related