CVE-2018-0564
EC-CUBE 3.x versions (3.0.0 through 3.0.15) are affected by a session fixation vulnerability. The issue arises from lack of renewal of session cookies, enabling remote attackers to impersonate authenticated users and perform arbitrary operations via unspecified vectors. Public references (JVN/JVN...