Lucene search
Japan Vulnerability NotesJVN:81111541HistoryOct 01, 2008 - 12:00 a.m.
JVN#81111541 EC-CUBE vulnerable to SQL injection
2008-10-0100:00:00
Japan Vulnerability Notes
jvn.jp
22
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.003
Percentile
72.1%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.
Impact
A remote attacker could obtain the website administrator’s privilege which was created using EC-CUBE.
Solution
Update the Software
Apply the latest updates provided by the vendor.
Products Affected
- EC-CUBE Ver2 Version 2.1.2a and earlier
- EC-CUBE Ver2 RC Version 2.3.0-rc1 and earlier
According to the vendor, EC-CUBE Ver1.x are not affected.
Related
cvelist
cvelist
CVE-2008-4534
2008-10-10 18:00:00
nvd
nvd
CVE-2008-4534
2008-10-10 18:13:00
prion
prion
Sql injection
2008-10-10 18:13:00
cve
cve
CVE-2008-4534
2008-10-10 18:13:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.003
Percentile
72.1%
Related for JVN:81111541