Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2013-08-30T21:00:00
Updated: 2024-08-06T16:52:27.004Z
Reserved: 2013-06-26T00:00:00
Link: CVE-2013-4702
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-08-30T21:55:09.783
Modified: 2013-09-12T03:36:55.387
Link: CVE-2013-4702
Redhat
No data.