EUVD-2018-1468

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Input validation flaw in multiple EC-CUBE and GMO-PG Payment Modules allows code execution by attackers.

Reporter	Title	Published	Views	Family All 8
CNVD	EC-CUBE Payment Module and GMO-PG Payment Module Input Validation Vulnerability	10 Aug 201800:00	–	cnvd
CVE	CVE-2018-0658	7 Sep 201814:00	–	cve
Cvelist	CVE-2018-0658	7 Sep 201814:00	–	cvelist
Japan Vulnerability Notes	JVN#06372244: Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE	9 Aug 201800:00	–	jvn
Japan Vulnerability Notes	Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE	9 Aug 201807:43	–	jvn
NVD	CVE-2018-0658	7 Sep 201814:29	–	nvd
OSV	CVE-2018-0658	7 Sep 201814:29	–	osv
Prion	Input validation	7 Sep 201814:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "8d9f72d1-d2c6-371d-a1f2-009bb3628900",
        "vendor": {
          "name": "GMO Payment Gateway, Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "f069a42d-bbaf-35d7-bc2a-ae282698af00",
        "product": {
          "name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE"
        },
        "product_version": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/en/jp/JVN06372244/index.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7High risk

Vulners AI Score7

CVSS 37.2

CVSS 26.5

EPSS0.00668