PT-2013-4547 · Ec Cube · Ec-Cube
Published
2013-06-29
·
Updated
2013-10-11
·
CVE-2013-3654
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EC-CUBE versions 2.12.0 through 2.12.4
Description
A directory traversal issue allows remote attackers to read arbitrary image files. This is related to vectors involving the files
data/class/SC CheckError.php and data/class/SC FormParam.php.Recommendations
For versions 2.12.0 through 2.12.4, consider restricting access to the affected files
data/class/SC CheckError.php and data/class/SC FormParam.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ec-Cube