Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
EC-CUBE CO.,LTD.

EC-CUBE

8 Versions 8 CVEs

Versions

4.0.0 to 4.0.5

OTHER 1 CVE

versions from 3.0.0 to 3.0.18

OTHER 1 CVE

3.0.0 to 3.0.18 and 4.0.0 to 4.0.3

OTHER 1 CVE

2.11.0 through 2.12.2

OTHER 1 CVE

EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)

OTHER 1 CVE

4.0.6 (EC-CUBE 4 series)

OTHER 1 CVE

versions from 3.0.5 to 3.0.18

OTHER 1 CVE

EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)

OTHER 1 CVE

Recent CVEs

CVE-2021-20778

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.

UNKNOWN Jul 01, 2021

CVE-2021-20751

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

UNKNOWN Jun 28, 2021

CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

UNKNOWN Jun 28, 2021

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.

UNKNOWN May 10, 2021

CVE-2020-5680

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.

UNKNOWN Dec 03, 2020

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

UNKNOWN Dec 03, 2020

CVE-2020-5590

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

UNKNOWN Jun 19, 2020

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.

CRITICAL Jan 22, 2014