CVE-2022-37346

EPSS 2.03% · P84 Updated May 22, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-37346

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

EC-CUBE 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

EC-CUBE是日本EC-CUBE公司的一套开源的电子商务系统。 EC-CUBE Plugin Product Image Bulk Upload Plugin 1.0.1及之前版本存在安全漏洞，该漏洞源于上传文件时验证不足，远程攻击者利用该漏洞可以上传图像文件以外的任意文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
EC-CUBE CO.,LTD.	Product Image Bulk Upload Plugin	1.0.0 and 4.1.0	-

II. Public POCs for CVE-2022-37346

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-37346

请登录查看更多情报信息。

https://www.ec-cube.net/info/weakness/20220909/product_images_uploader.phpx_refsource_MISC
https://jvn.jp/en/jp/JVN30900552/index.htmlx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-37346

Same Patch Batch · EC-CUBE CO.,LTD. · 2022-09-27 · 3 CVEs total

CVE-2022-38975		EC-CUBE 跨站脚本漏洞
CVE-2022-40199		EC-CUBE 路径遍历漏洞

IV. Related Vulnerabilities

Same vendor: EC-CUBE CO.,LTD.

V. Comments for CVE-2022-37346

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-37346

I. Basic Information for CVE-2022-37346

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-37346

III. Intelligence Information for CVE-2022-37346

Same Patch Batch · EC-CUBE CO.,LTD. · 2022-09-27 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-37346

Leave a comment