JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

2011-05-10T00:00:00
ID JVN:37878530
Type jvn
Reporter Japan Vulnerability Notes
Modified 2011-05-10T00:00:00

Description

## Description

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability.

## Impact

If a user views a malicious page while logged in, information stored within EC-CUBE may be altered.

## Solution

Update the Software
Apply the latest update provided by the developer.

## Products Affected

  • EC-CUBE versions prior to 2.11.0