Path Traversal in Lockon Ec-cube

CVE-2013-4702

Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) O…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.

Affected products

Lockon Ec-cube — versions 2.12.0, 2.12.1, 2.12.2
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

96756 (x_refsource_OSVDB, vdb-entry)
JVN#15973066 (x_refsource_JVN, third-party-advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Vendor Advisory)
JVNDB-2013-000081 (x_refsource_JVNDB, third-party-advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Exploit, Patch)
vultures@jpcert.or.jp (x_refsource_CONFIRM)