VYPR

Ec Cube 2 Series

by Ec Cube Co.,ltd.

CVEs (3)

  • CVE-2021-20842MedNov 24, 2021
    risk 0.42cvss 6.5epss 0.01

    Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.

  • CVE-2021-20841MedNov 24, 2021
    risk 0.42cvss 6.5epss 0.01

    Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.

  • CVE-2023-40281MedAug 17, 2023
    risk 0.31cvss 4.8epss 0.00

    EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed…

VYPR — Vulnerability Intelligence