Identifier

CVE-2020-5590

Package Slug

packagist/ec-cube/ec-cube

Vulnerability

Path Traversal

Description

A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

Affected Versions

All versions starting from 3.0.0 up to 3.0.18, all versions starting from 4.0.0 up to 4.0.3

Solution

Upgrade to version 4.0.4 or above.

Last Modified

2020-06-25

source