CVE-2020-5590
packagist/ec-cube/ec-cube
Path Traversal
A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
All versions starting from 3.0.0 up to 3.0.18, all versions starting from 4.0.0 up to 4.0.3
Upgrade to version 4.0.4 or above.
2020-06-25
source |