JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

2015-12-03 00:00:00
Japan Vulnerability Notes
jvn.jp
CVSS2: 4 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.001 Low

  • Percentile: 49.8%

BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).

Impact

A logged-in attacker may execute SQL statements.
According to the developer, this vulnerability affects the availability of the server on which EC-CUBE resides, but information in the database cannot be obtained or altered.

Solution

Do not use BbAdminViewsControl
Please stop using BbAdminViewsControl.
The developer has stopped distributing the product.

Products Affected

  • BbAdminViewsControl213 Ver1.0 and earlier
  • BbAdminViewsControl Ver2.0 and earlier
