Critical severity 9.8 · NVD Advisory · Published Sep 27, 2022 · Updated Jun 17, 2026
CVE-2022-37346
Description
The EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with administrative privileges on an EC-CUBE installation where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.
Affected products
- (no CPE) range: 1.0.0, 4.1.0
- (no CPE) range: 1.0.0 and 4.1.0
References
- www.ec-cube.net/info/weakness/20220909/product_images_uploader.php (nvd: Patch, Vendor Advisory)
- jvn.jp/en/jp/JVN30900552/index.html (nvd: Third Party Advisory)