Vulnerabilities > EC Cube > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-46845 | Code Injection vulnerability in Ec-Cube EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. | 7.2 |
| 2021-07-01 | CVE-2021-20778 | Unspecified vulnerability in Ec-Cube 4.0.6 Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. | 7.5 |
| 2020-12-03 | CVE-2020-5680 | Improper Input Validation vulnerability in Ec-Cube Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. | 7.5 |
| 2020-06-19 | CVE-2020-5590 | Path Traversal vulnerability in Ec-Cube Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 8.1 |
| 2018-09-07 | CVE-2018-0658 | Improper Input Validation vulnerability in multiple products Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. | 7.2 |