JVN#81111541 EC-CUBE vulnerable to SQL injection

ID JVN:81111541
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-10-16T00:00:00


## Description

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.

## Impact

A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE.

## Solution

Update the Software
Apply the latest updates provided by the vendor.

## Products Affected

  • EC-CUBE Ver2 Version 2.1.2a and earlier
  • EC-CUBE Ver2 RC Version 2.3.0-rc1 and earlier According to the vendor, EC-CUBE Ver1.x are not affected.