Published: 2023/11/07  Last Updated: 2023/11/07

Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#29195731
Title:EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

1. RCE Vulnerabilities on EC-CUBE4

Risk Level:
low

Version with the Vulnerability:

4.0.0~4.0.6-p3
4.1.0~4.1.2-p2
4.2.0~4.2.2


Details of the informaiton(4.0)
https://www.ec-cube.net/info/weakness/20231026/index_40.php

Details of the informaiton(4.1/4.2)
https://www.ec-cube.net/info/weakness/20231026/index.php

2.RCE Vulnerabilities on EC-CUBE3

Risk Level:
low

Version with the Vulnerability:
3.0.0 ~ 3.0.18-p6

Details of the informaiton
https://www.ec-cube.net/info/weakness/20231026/index_3.php