The vulnerability manifests in product management functionality where file deletion occurs. Both the controller handling product operations and the service handling file deletion would be responsible for path validation. The vendor's advisory specifically links the vulnerability to product registration features, and path traversal typically occurs when user input isn't properly sanitized before filesystem operations. The high confidence comes from the CWE-22 classification matching unvalidated path handling patterns in these components.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ec-cube/ec-cube | composer | >= 3.0.0, <= 3.0.18 | |
| ec-cube/ec-cube | composer | >= 4.0.0, <= 4.0.3 | 4.0.4 |
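
The path validation that the analysis above says must happen before a file deletion can be sketched as follows. This is an added example, not EC-CUBE's code or the vendor's patch; `safeDelete()` and the directory names are hypothetical, and the sample tree is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration. safeDelete() and the directory names are hypothetical,
// not taken from EC-CUBE.

/**
 * Delete $name only if it resolves to a regular file inside $baseDir.
 * Returns true when a file was removed, false when the request is refused.
 */
function safeDelete(string $baseDir, string $name): bool
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // realpath() collapses "../" segments and resolves symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "temp_image_other" does not pass a check for "temp_image".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed sample tree in a throwaway temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/temp_image', 0700, true);
mkdir($root . '/temp_image_other', 0700, true);
file_put_contents($root . '/temp_image/a.png', 'x');
file_put_contents($root . '/temp_image_other/b.png', 'x');
file_put_contents($root . '/config.yml', 'x');

foreach (['a.png', '../config.yml', '../temp_image_other/b.png', 'missing.png'] as $name) {
    printf("%-28s deleted=%s\n", $name, var_export(safeDelete($root . '/temp_image', $name), true));
}
printf("config.yml still present: %s\n", var_export(file_exists($root . '/config.yml'), true));
```

The containment check and the `unlink()` call are not atomic, so the base directory should not be writable by anyone other than the application.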