CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface

Vulnerability Allowing MFA Bypass Affected EC-CUBE Versions Versions: 4.1.0 – 4.3.1 Vulnerability Overview If an administrator’s ID and password are compromised, an issue exists that allows an attacker to bypass the normally required two-factor authentication 2FA and log in to the administrative...

GHSA-7RHV-H82H-VPJH EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface

Vulnerability Allowing MFA Bypass Affected EC-CUBE Versions Versions: 4.1.0 – 4.3.1 Vulnerability Overview If an administrator’s ID and password are compromised, an issue exists that allows an attacker to bypass the normally required two-factor authentication 2FA and log in to the administrative...

EUVD-2026-9791

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

CVE-2026-30777

EC-CUBE (EC-CUBE CO.,LTD.) contains a vulnerability that allows MFA bypass. An attacker with valid administrator credentials may bypass two-factor authentication and gain unauthorized access to the administrative page. The connected CVE records confirm the issue and describe the impact as unautho...

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

EC-CUBE vulnerable to multi-factor authentication bypass

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

EC-CUBE 安全漏洞

EC-CUBE is an open-source e-commerce system developed by the Japanese company EC-CUBE. There is a security vulnerability in EC-CUBE, which stems from the possibility of bypassing multi-factor authentication. This vulnerability could allow attackers to access the management page without being...

PT-2026-23136

Name of the Vulnerable Software and Affected Versions EC-CUBE affected versions not specified Description The software contains a multi-factor authentication MFA bypass. An attacker with a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized...

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

EUVD-2013-3586

Malware in sbrugna...

EUVD-2013-3585

Malware in sbrugna...

EUVD-2015-7683

Malware in sbrugna...