CVE-2013-4702

CVE-2013-4702 : In EC-CUBE (LOCKON) Windows deployments, directory traversal via the doApiAction path (SC_Api_Operation.php) allows remote reading of arbitrary files. Affected: EC-CUBE 2.12.0–2.12.5. Root cause: traversal vectors in parameters (Operation, Service, Style, Validate, Version). Impac...