Medium severity6.5NVD Advisory· Published Nov 24, 2021· Updated Jun 17, 2026
CVE-2021-20841
CVE-2021-20841
Description
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 2.11.2, < 2.17.2 | 2.17.2 |
Affected products
2- Range: 2.11.2 to 2.17.1
Patches
Vulnerability mechanics
References
5- www.ec-cube.net/info/weakness/20211111/nvdExploitPatchVendor Advisory
- github.com/advisories/GHSA-jc55-crg7-pr35ghsaADVISORY
- jvn.jp/en/jp/JVN75444925/index.htmlnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-20841ghsaADVISORY
- www.ec-cube.net/info/weakness/20211111ghsaWEB
News mentions
0No linked articles in our index yet.