JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

2015-12-03T00:00:00
ID JVN:55545372
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-07-07T00:00:00

## Description

BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).

## Impact

A logged-in attacker may execute SQL statements.
According to the developer, this vulnerability affects the availability of the server on which EC-CUBE resides, but information in the database cannot be obtained or altered.

## Solution

Do not use BbAdminViewsControl
Please stop using BbAdminViewsControl.
The developer has stopped distributing the product.

## Products Affected

  • BbAdminViewsControl213 Ver1.0 and earlier
  • BbAdminViewsControl Ver2.0 and earlier