JVN#30900552
EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
Overview
EC-CUBE plugin "Product Image Bulk Upload Plugin" provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files.
Products Affected
- EC-CUBE plugin "Product Image Bulk Upload Plugin" 1.0.0
- EC-CUBE plugin "Product Image Bulk Upload Plugin" 4.1.0
Description
EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin provided by EC-CUBE CO.,LTD. that enables uploading image files, contains an insufficient verification vulnerability when uploading files (CWE-20).
Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files.
Impact
One of the attack scenarios and its possible impact is as follows:
If a user with administrative privileges on an EC-CUBE site where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.
Solution
Update the plugin
Update the plugin to the latest version according to the information provided by the developer.
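A defender-side check for the failure described above, as an added example (not code from EC-CUBE or the plugin): it accepts an upload only when an allowlisted image extension and the file's leading bytes agree, and `audit_dir` applies the same check to files already on disk. The allowlist, function names and sample inputs are assumptions made for this example.

```python
import os

# Assumed policy for this example (not the plugin's real allowlist): extension -> leading-bytes check.
SIGNATURES = {
    "png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "jpg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKERS = (b"<?php", b"<script")  # indicators of an image/script polyglot

def check_upload(filename, data):
    """Return None when the file is acceptable, otherwise the reason it is not."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base.startswith("."):
        return "path component or dotfile in name"
    parts = base.lower().split(".")
    if len(parts) != 2:  # rejects "name.php.png" and extensionless names
        return "missing or multiple extensions"
    if parts[1] not in SIGNATURES:
        return "extension not in image allowlist"
    if not SIGNATURES[parts[1]](data):
        return "content does not match extension"
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        return "script marker inside image data"
    return None

def audit_dir(root):
    """Walk an image directory and list (path, reason) for every suspect file."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                reason = check_upload(name, fh.read())
            if reason:
                findings.append((path, reason))
    return findings

# Constructed sample inputs (header bytes only, not real images).
SAMPLES = [
    ("item.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("item.php", b"<?php echo 1; ?>"),
    ("item.gif", b"GIF89a<?php echo 1; ?>"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", check_upload(name, data) or "ok")
```

`audit_dir` takes the path of the directory that holds uploaded product images; that path depends on the installation and is not given in this advisory.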
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
EC-CUBE CO.,LTD. | Vulnerable | 2022/09/15 | EC-CUBE CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |

Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2022-37346 |
JVN iPedia | JVNDB-2022-000072 |