Vulnerabilities > EC Cube

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-5680 Improper Input Validation vulnerability in Ec-Cube
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
network
low complexity
ec-cube CWE-20
5.0
2020-12-03 CVE-2020-5679 Improper Restriction of Rendered UI Layers or Frames vulnerability in Ec-Cube
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks.
network
ec-cube CWE-1021
4.3
2020-06-19 CVE-2020-5590 Path Traversal vulnerability in Ec-Cube
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
network
low complexity
ec-cube CWE-22
5.5
2019-09-12 CVE-2019-6003 Cross-site Scripting vulnerability in Ec-Cube Amazon PAY 2.12/2.13/2.4.2
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ec-cube CWE-79
4.3
2019-01-09 CVE-2018-16191 Open Redirect vulnerability in Ec-Cube
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ec-cube CWE-601
5.8
2018-09-07 CVE-2018-0658 Improper Input Validation vulnerability in multiple products
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
network
low complexity
ec-cube gmo-pg CWE-20
6.5
2018-09-07 CVE-2018-0657 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
3.5
2016-08-01 CVE-2016-4837 SQL Injection vulnerability in Ec-Cube Discount Coupon
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ec-cube CWE-89
7.5
2009-12-08 CVE-2009-4236 Information Exposure vulnerability in Ec-Cube Ver2
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
network
low complexity
ec-cube CWE-200
5.0
2008-11-06 CVE-2008-4991 SQL Injection vulnerability in Ec-Cube
SQL injection vulnerability in LOCKON CO.,LTD.
network
low complexity
ec-cube CWE-89
7.5