Lucene search

GoogleOSV:GHSA-WJPV-FRF2-3R58

HistorySep 28, 2022 - 12:00 a.m.

EC-CUBE Directory traversal vulnerability

2022-09-2800:00:16

Google

osv.dev

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product’s directory structure information.

CPENameOperatorVersion
ec-cube/ec-cubeeq4.1.1
ec-cube/ec-cubeeq3.0.17
ec-cube/ec-cubeeq4.1-beta2
ec-cube/ec-cubeeq3.0.0
ec-cube/ec-cubeeq3.0.15
ec-cube/ec-cubeeq4.1-beta3
ec-cube/ec-cubeeq3.0.12-p1
ec-cube/ec-cubeeq4.0.5
ec-cube/ec-cubeeq3.0.3
ec-cube/ec-cubeeq4.1-beta3-20210901

Name	Operator	Version
ec-cube/ec-cube	eq	4.1.1
ec-cube/ec-cube	eq	3.0.17
ec-cube/ec-cube	eq	4.1-beta2
ec-cube/ec-cube	eq	3.0.0
ec-cube/ec-cube	eq	3.0.15
ec-cube/ec-cube	eq	4.1-beta3
ec-cube/ec-cube	eq	3.0.12-p1
ec-cube/ec-cube	eq	4.0.5
ec-cube/ec-cube	eq	3.0.3
ec-cube/ec-cube	eq	4.1-beta3-20210901

Rows per page:

1-10 of 441

References

github.com/EC-CUBE/ec-cube

jvn.jp/en/jp/JVN21213852/index.html

nvd.nist.gov/vuln/detail/CVE-2022-40199

www.ec-cube.net/info/weakness/20220909

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for OSV:GHSA-WJPV-FRF2-3R58