Vulnerabilities > EC Cube

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-5680 Improper Input Validation vulnerability in Ec-Cube
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
network
low complexity
ec-cube CWE-20
7.5
2020-12-03 CVE-2020-5679 Improper Restriction of Rendered UI Layers or Frames vulnerability in Ec-Cube
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks.
network
low complexity
ec-cube CWE-1021
6.1
2020-06-19 CVE-2020-5590 Path Traversal vulnerability in Ec-Cube
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
network
low complexity
ec-cube CWE-22
8.1
2019-09-12 CVE-2019-6003 Cross-site Scripting vulnerability in Ec-Cube Amazon PAY 2.12/2.13/2.4.2
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ec-cube CWE-79
6.1
2019-01-09 CVE-2018-16191 Open Redirect vulnerability in Ec-Cube
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
ec-cube CWE-601
6.1
2018-09-07 CVE-2018-0658 Improper Input Validation vulnerability in multiple products
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
network
low complexity
ec-cube gmo-pg CWE-20
7.2
2018-09-07 CVE-2018-0657 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ec-cube gmo-pg CWE-79
4.8
2016-08-01 CVE-2016-4837 SQL Injection vulnerability in Ec-Cube Discount Coupon
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ec-cube CWE-89
critical
9.8