CVE-2013-3654

Name of the Vulnerable Software and Affected Versions EC-CUBE versions 2.12.0 through 2.12.4

Description A directory traversal issue allows remote attackers to read arbitrary image files. This is related to vectors involving the files data/class/SC CheckError.php and data/class/SC FormParam.php.

Recommendations For versions 2.12.0 through 2.12.4, consider restricting access to the affected files data/class/SC CheckError.php and data/class/SC FormParam.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.