Vulnerabilities > EC Cube > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-46845 Code Injection vulnerability in Ec-Cube
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product.
network
low complexity
ec-cube CWE-94
7.2
2016-08-01 CVE-2016-4837 SQL Injection vulnerability in Ec-Cube Discount Coupon
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ec-cube CWE-89
7.5
2008-11-06 CVE-2008-4991 SQL Injection vulnerability in Ec-Cube
SQL injection vulnerability in LOCKON CO.,LTD.
network
low complexity
ec-cube CWE-89
7.5
2008-10-10 CVE-2008-4534 SQL Injection vulnerability in Ec-Cube
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ec-cube CWE-89
7.5