JVNDB-2015-000190
|
EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection
|
BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.4 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 5.5 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: Partial
|
|
BOKUBLOCK INC.
- BbAdminViewsControl 213 Ver1.0 and earlier
- BbAdminViewsControl Ver2.0 and earlier
|
|
A logged-in attacker may execute SQL statements.
According to the developer, this vulnerability affects the availability of the server on which EC-CUBE resides, but information in the database cannot be obtained or altered.
|
[Do not use BbAdminViewsControl]
Please stop using BbAdminViewsControl.
The developer has stopped distributing the product.
|
BOKUBLOCK INC.
|
- SQL Injection(CWE-89) [IPA Evaluation]
|
- CVE-2015-7784
|
- JVN : JVN#55545372
- National Vulnerability Database (NVD) : CVE-2015-7784
|
- [2015/12/03]
  - Web page was published
- [2016/01/12]
  - References : Content was added
- [2016/07/07]
  - CVSS Severity was modified
  - Vendor Information : Content was added
  - Impact was modified
  - Solution was modified
|