2 matches found
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the ValidateVersion function. An attacker with administrative access can set up a network share and supply a UNC path to the /System/MediaEncoder/Path endpoint, which points to an executable on the network...
CVE-2013-4702
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SCApiOperation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a 1 Operation, 2 Service, 3 Style, 4 Validate, or 5 Version value...