JVN#61077110: EC-CUBE vulnerable to information disclosure

2013-11-20T00:00:00
ID JVN:61077110
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-11-20T00:00:00

Description

## Description

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure.

## Impact

A user who visits the shopping site may view the information managed by the website owner.

## Solution

Apply the update or the patch
Apply the update or the patch according to the information provided by the developer.

## Products Affected

  • EC-CUBE 2.11.0
  • EC-CUBE 2.11.1
  • EC-CUBE 2.11.2
  • EC-CUBE 2.11.3
  • EC-CUBE 2.11.4
  • EC-CUBE 2.11.5