Japan Vulnerability NotesJVN:19072922JVN#19072922 EC-CUBE vulnerable to SQL injection
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
50.7%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.
This vulnerability is different from JVN#81111541.
Impact
A remote attacker could obtain the website administratorβs privilege which was created using EC-CUBE.
Solution
Update the Software
Apply the latest updates provided by the vendor.
Products Affected
All the versions of EC-CUBE are affected.
- EC-CUBE Ver2 Version 2.3.0 and earlier
- EC-CUBE Ver2 RC Version 2.3.0-rc1 and earlier
- EC-CUBE Ver1 Version 1.4.7 and earlier
- EC-CUBE Ver1 Beta Version 1.5.0-beta2 and earlier
- EC-CUBE Community Edition 1.3.5 and earlier
- EC-CUBE Community Edition Nightly-Build r17668 and earlier
For more information, refer to the vendorβs website.
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
50.7%