[Japanese] | |
JVNDB-2024-000080 | |
EC-CUBE 4 Series improper input validation when installing plugins | |
Overview | |
EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins (CWE-349). | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
| |
Affected Products | |
| |
EC-CUBE CO.,LTD. | |
| |
Impact | |
An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities. | |
Solution | |
[Apply the Patch] | |
Vendor Information | |
EC-CUBE CO.,LTD. | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2024/07/30 |
Date First Published | 2024/07/30 |
Date Last Updated | 2024/07/30 |