Vulnerabilities > EC Cube > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-46845 | Code Injection vulnerability in Ec-Cube EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. | 7.2 |
| 2016-08-01 | CVE-2016-4837 | SQL Injection vulnerability in Ec-Cube Discount Coupon SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2008-11-06 | CVE-2008-4991 | SQL Injection vulnerability in Ec-Cube SQL injection vulnerability in LOCKON CO.,LTD. | 7.5 |
| 2008-10-10 | CVE-2008-4534 | SQL Injection vulnerability in Ec-Cube SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |