Ec-cube

Ec-cube

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-20841

Exploit
  • EPSS 0.2%
  • Published 24.11.2021 16:15:13
  • Last modified 21.11.2024 05:47:15

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.

7.5

CVE-2021-20778

  • EPSS 0.29%
  • Published 01.07.2021 06:15:09
  • Last modified 21.11.2024 05:47:10

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.

6.1

CVE-2021-20751

  • EPSS 0.32%
  • Published 28.06.2021 01:15:07
  • Last modified 21.11.2024 05:47:07

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

6.1

CVE-2021-20750

  • EPSS 0.4%
  • Published 28.06.2021 01:15:07
  • Last modified 21.11.2024 05:47:07

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially c...

6.1

CVE-2021-20717

  • EPSS 1.86%
  • Published 10.05.2021 10:15:07
  • Last modified 21.11.2024 05:47:04

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script ...

7.5

CVE-2020-5680

  • EPSS 0.54%
  • Published 03.12.2020 12:15:12
  • Last modified 21.11.2024 05:34:28

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.

6.1

CVE-2020-5679

  • EPSS 0.2%
  • Published 03.12.2020 12:15:11
  • Last modified 21.11.2024 05:34:28

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

8.1

CVE-2020-5590

  • EPSS 2.21%
  • Published 19.06.2020 10:15:11
  • Last modified 21.11.2024 05:34:19

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

6.1

CVE-2018-16191

  • EPSS 0.33%
  • Published 09.01.2019 23:29:04
  • Last modified 21.11.2024 03:52:15

Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0....

7.5

CVE-2008-4991

  • EPSS 0.4%
  • Published 06.11.2008 19:29:33
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.