47 matches found
EC-CUBE vulnerable to multi-factor authentication bypass
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability: Authentication bypass using an alternate path or channel (CWE-288) - CVE-2026-30777. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...
EC-CUBE security vulnerability
EC-CUBE is an open-source e-commerce system developed by the Japanese company EC-CUBE. There is a security vulnerability in EC-CUBE, which stems from the possibility of bypassing multi-factor authentication. This vulnerability could allow attackers to access the management page without being...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
EUVD-2008-4518
Malware in sbrugna...
EUVD-2009-4205
Malware in sbrugna...
EUVD-2008-4516
Malware in sbrugna...
EUVD-2008-4517
Malware in sbrugna...
EUVD-2021-8157
Malicious code in bioql PyPI...
EUVD-2023-26949
Malicious code in bioql PyPI...
EUVD-2023-26600
Malicious code in bioql PyPI...
EUVD-2022-4259
Malicious code in bioql PyPI...
EUVD-2022-1137
Malicious code in bioql PyPI...
EUVD-2022-3535
Malicious code in bioql PyPI...
EUVD-2022-5245
Malicious code in bioql PyPI...
EUVD-2022-4536
Malicious code in bioql PyPI...
EUVD-2023-51011
Malicious code in bioql PyPI...
EUVD-2022-4235
Malicious code in bioql PyPI...
CVE-2022-25355
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...
CVE-2021-20751
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...