PT-2014-3854 · Ec Cube · Ec-Orange +1

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 2.11.0 through 2.12.2 EC-Orange systems deployed before June 29th, 2015 Description: An issue exists where a user-controlled key can be used to bypass authorization. This can be exploited by sending a crafted HTTP request,...