CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
EPSS
Percentile
72.0%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability.
A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered.
Apply the update or patch
Apply the update or patch according to the information provided by the developer.