JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

2016-02-19T00:00:00
ID JVN:31524757
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-02-19T00:00:00

Description

## Description

EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability (CWE-89).

## Impact

Information stored in the database may be obtained or altered by a remote attacker.

## Solution

Update the plugin
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Help plug-in version 1.3.5 and earlier