Low severityNVD Advisory· Published Sep 27, 2022· Updated May 21, 2025
CVE-2022-40199
CVE-2022-40199
Description
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 3.0.0, <= 3.0.18-p4 | — |
ec-cube/ec-cubePackagist | >= 4.0.0, <= 4.1.2 | — |
Affected products
2- Range: EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4.0.0 to 4.1.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wjpv-frf2-3r58ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-40199ghsaADVISORY
- jvn.jp/en/jp/JVN21213852/index.htmlghsax_refsource_MISCWEB
- www.ec-cube.net/info/weakness/20220909ghsaWEB
- www.ec-cube.net/info/weakness/20220909/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.