EC-CUBE Directory traversal vulnerability
High severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 25, 2024
Package
Affected versions
>= 3.0.0, <= 3.0.18
>= 4.0.0, <= 4.0.3
Patched versions
4.0.4
Description
Published by the National Vulnerability Database
Jun 19, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Apr 25, 2024
Reviewed
Apr 25, 2024
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
References