Information from EC-CUBE CO.,LTD.
Vulnerability ID:JVN#29195731
Title:EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
1. RCE Vulnerabilities on EC-CUBE4
Risk Level:
low
Version with the Vulnerability:
4.0.0~4.0.6-p3
4.1.0~4.1.2-p2
4.2.0~4.2.2
Details of the informaiton(4.0)
https://www.ec-cube.net/info/weakness/20231026/index_40.php
Details of the informaiton(4.1/4.2)
https://www.ec-cube.net/info/weakness/20231026/index.php
2.RCE Vulnerabilities on EC-CUBE3
Risk Level:
low
Version with the Vulnerability:
3.0.0 ~ 3.0.18-p6
Details of the informaiton
https://www.ec-cube.net/info/weakness/20231026/index_3.php
