Moderate severityNVD Advisory· Published Nov 24, 2021· Updated Aug 3, 2024
CVE-2021-20841
CVE-2021-20841
Description
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 2.11.2, < 2.17.2 | 2.17.2 |
Affected products
1- Range: 2.11.2 to 2.17.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-jc55-crg7-pr35ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20841ghsaADVISORY
- jvn.jp/en/jp/JVN75444925/index.htmlghsax_refsource_MISCWEB
- www.ec-cube.net/info/weakness/20211111ghsaWEB
- www.ec-cube.net/info/weakness/20211111/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.