JVN#57942445: EC-CUBE fails to restrict access permissions

EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions (CWE-284) .

Impact

A remote attacker may obtain sensitive information.

Solution

Update the Softwere
Update the software according to the information provided by the developer.
The developer has released EC-CUBE 4.0.6-p1 that addresses the vulnerability.

Apply the Patch
Apply the hotfix patch according to the information provided by the developer.

Products Affected

• EC-CUBE 4.0.6 (EC-CUBE 4 series)
  According to the developer, this vulnerability is caused by a defect in the fix of JVN#95292458.