Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

Affected Packages

Packagist ec-cube/ec-cube

Affected versions: 3.0.0 (last affected: 3.0.18)

Related CVEs

CVE-2020-5679

Key Information

GHSA ID

GHSA-rwh8-h525-4jvj

Published

May 24, 2022 5:35 PM

Last Modified

April 25, 2024 8:39 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

ec-cube/ec-cube

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.