Information from GMO Payment Gateway, Inc.
Vulnerability ID:JVN#06372244
Title:Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
There are multiple vulnerabilities, including the cross site scripting and input validation bypass to EC-CUBE payment module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE.
■ Target
EC-CUBE Payment Module (for EC-CUBE 2.11) 2.3.17 and earlier versions
EC-CUBE Payment Module (for EC-CUBE 2.12) 2.5.23 and earlier versions
GMO-PG Payment Module (PG Multi-Payment Service) (for EC-CUBE 2.11) 2.3.17 and earlier versions
GMO-PG Payment Module (PG Multi-Payment Service) (for EC-CUBE 2.12) 2.5.23 and earlier versions
■ measures
You may need to do a update to the latest version of EC-CUBE Payment Module or GMO-PG Payment Module (PG Multi-Payment Service) via the owner's store page of your EC-CUBE admin site.
