EC-CUBE Directory traversal vulnerability

2022-05-2417:21:18

Google

osv.dev

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.5%

JSON

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

CPENameOperatorVersion
ec-cube/ec-cubeeq3.0.1
ec-cube/ec-cubeeq3.0.13
ec-cube/ec-cubeeq3.0.0
ec-cube/ec-cubeeq3.0.11-RC
ec-cube/ec-cubeeq4.0.1
ec-cube/ec-cubeeq4.0.2
ec-cube/ec-cubeeq3.0.2
ec-cube/ec-cubeeq3.0.18
ec-cube/ec-cubeeq3.0.4
ec-cube/ec-cubeeq3.0.7

Name	Operator	Version
ec-cube/ec-cube	eq	3.0.1
ec-cube/ec-cube	eq	3.0.13
ec-cube/ec-cube	eq	3.0.0
ec-cube/ec-cube	eq	3.0.11-RC
ec-cube/ec-cube	eq	4.0.1
ec-cube/ec-cube	eq	4.0.2
ec-cube/ec-cube	eq	3.0.2
ec-cube/ec-cube	eq	3.0.18
ec-cube/ec-cube	eq	3.0.4
ec-cube/ec-cube	eq	3.0.7