Published: 2020/12/03  Last Updated: 2020/12/03

Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#24457594
Title:Multiple vulnerabilities in EC-CUBE
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Details of the vulnerability and how to fix it are described below.

Improper Restriction of Rendered UI Layers or Frames
https://www.ec-cube.net/info/weakness/weakness.php?id=75

Improper Input Validation
https://www.ec-cube.net/info/weakness/weakness.php?id=76