ID JVN:81111541
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-10-16T00:00:00
Description
## Description
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.
## Impact
A remote attacker could obtain administrator privileges on a website created using EC-CUBE.
## Solution
**Update the Software**
Apply the latest updates provided by the vendor.
## Products Affected
- EC-CUBE Ver2 Version 2.1.2a and earlier
- EC-CUBE Ver2 RC Version 2.3.0-rc1 and earlier
According to the vendor, EC-CUBE Ver1.x is not affected.
{"id": "JVN:81111541", "bulletinFamily": "info", "title": "JVN#81111541 EC-CUBE vulnerable to SQL injection", "description": "\n ## Description\n\nEC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. \n\n ## Impact\n\nA remote attacker could obtain the website administrator's privilege which was created using EC-CUBE. \n\n ## Solution\n\n**Update the Software** \nApply the latest updates provided by the vendor. \n\n ## Products Affected\n\n * EC-CUBE Ver2 Version 2.1.2a and earlier\n * EC-CUBE Ver2 RC Version 2.3.0-rc1 and earlier\nAccording to the vendor, EC-CUBE Ver1.x are not affected. \n", "published": "2008-10-01T00:00:00", "modified": "2008-10-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://jvn.jp/en/jp/JVN81111541/index.html", "reporter": "Japan Vulnerability Notes", "references": [], "cvelist": ["CVE-2008-4534"], "type": "jvn", "lastseen": "2019-05-29T17:21:26", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4534"]}], "modified": "2019-05-29T17:21:26", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-05-29T17:21:26", "rev": 2}, "vulnersScore": 5.8}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:28:25", "description": "SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2008-10-10T18:13:00", "title": "CVE-2008-4534", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4534"], "modified": "2017-08-08T01:32:00", "cpe": ["cpe:/a:ec-cube:ec-cube:1.0", "cpe:/a:ec-cube:ec-cube:1.4.7", "cpe:/a:ec-cube:ec-cube:1.5.0", "cpe:/a:ec-cube:ec-cube:2.3.0", "cpe:/a:ec-cube:ec-cube:2.1.2a"], "id": "CVE-2008-4534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4534", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ec-cube:ec-cube:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ec-cube:ec-cube:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ec-cube:ec-cube:2.1.2a:*:*:*:*:*:*:*", "cpe:2.3:a:ec-cube:ec-cube:1.5.0:b2:*:*:*:*:*:*", "cpe:2.3:a:ec-cube:ec-cube:1.0:*:*:*:*:*:*:*"]}]}