Directory traversal

2013-08-3021:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.

CPENameOperatorVersion
ec-cubeeq2.12.5-en
ec-cubeeq2.12.5
ec-cubeeq2.12.4
ec-cubeeq2.12.3
ec-cubeeq2.12.1
ec-cubeeq2.12.4-en
ec-cubeeq2.12.3-enp2
ec-cubeeq2.12.3-enp1
ec-cubeeq2.12.0
ec-cubeeq2.12.2

Name	Operator	Version
ec-cube	eq	2.12.5-en
ec-cube	eq	2.12.5
ec-cube	eq	2.12.4
ec-cube	eq	2.12.3
ec-cube	eq	2.12.1
ec-cube	eq	2.12.4-en
ec-cube	eq	2.12.3-enp2
ec-cube	eq	2.12.3-enp1
ec-cube	eq	2.12.0
ec-cube	eq	2.12.2