Описание
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
Ссылки
- ExploitPatch
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*
cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0063
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
EPSS
Процентиль: 70%
0.0063
Низкий
5 Medium
CVSS2
Дефекты
CWE-22