Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.

Affected Packages

Packagist ec-cube/ec-cube

Affected versions: 2.11.2 (fixed in 2.17.2)

Related CVEs

CVE-2021-20841

Key Information

GHSA ID

GHSA-jc55-crg7-pr35

Published

November 25, 2021 12:00 AM

Last Modified

April 25, 2024 8:40 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

ec-cube/ec-cube

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.