Unrated severityNVD Advisory· Published Dec 8, 2009· Updated Apr 23, 2026

CVE-2009-4236

Description

The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.

Affected products

Ec Cube/Ec Cube Ver24 versions
cpe:2.3:a:ec-cube:ec-cube_ver2:2.4.0:rc1:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ec-cube:ec-cube_ver2:2.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ec-cube:ec-cube_ver2:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ec-cube:ec-cube_ver2:r18068:-:community:*:*:*:*:*
- cpe:2.3:a:ec-cube:ec-cube_ver2:r18428:-:community:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ec-cube.net/info/091127/nvdPatchVendor Advisory
www.vupen.com/english/advisories/2009/3421nvdPatchVendor Advisory
secunia.com/advisories/37603nvdVendor Advisory
jvn.jp/en/jp/JVN79762947/index.htmlnvd
jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.htmlnvd
osvdb.org/60685nvd
www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/54573nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000