JVN#11458774: EC-CUBE fails to restrict access permissions

2016-04-26T00:00:00
ID JVN:11458774
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-04-26T00:00:00

Description

## Description

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions.

## Impact

A logged in attacker may bypass access restrictions, or delete access restriction settings.

## Solution

Apply the update or the patch
Apply the update or the patch according to the information provided by the developer.

## Products Affected

  • EC-CUBE 3.0.7 to 3.0.9