Critical severity9.1NVD Advisory· Published Jan 22, 2014· Updated Apr 29, 2026
CVE-2014-0808
CVE-2014-0808
Description
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 2.11.0, < 2.12.2 | 2.12.2 |
Affected products
11cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.ec-cube.net/info/weakness/weakness.phpnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-j2hg-w4p4-6rvmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0808ghsaADVISORY
- jvn.jp/en/jp/JVN51770585ghsaWEB
- jvn.jp/en/jp/JVN51770585/index.htmlghsaWEB
- jvndb.jvn.jp/jvndb/JVNDB-2014-000006nvdWEB
- jvn.jp/en/jp/JVN15637138ghsaWEB
- jvndb.jvn.jp/jvndb/JVNDB-2024-000054nvdWEB
- jvn.jp/en/jp/JVN51770585/nvd
- ec-orange.jpnvd
- jvn.jp/en/jp/JVN15637138/nvd
News mentions
0No linked articles in our index yet.