CVE-2014-0808
MEDIUM5.3EPSS 0.39%EC-CUBE vulnerable to authorization bypass
Published: 5/17/2022Modified: 6/11/2024
Description
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
Affected packages (1)
- Packagist/ec-cube/ec-cube>= 2.11.0, < 2.12.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-0808
- PATCHhttps://github.com/EC-CUBE/ec-cube
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000006
- WEBhttp://jvn.jp/en/jp/JVN51770585
- WEBhttp://jvn.jp/en/jp/JVN51770585/index.html
- WEBhttps://jvndb.jvn.jp/jvndb/JVNDB-2024-000054
- WEBhttps://jvn.jp/en/jp/JVN15637138
- WEBhttp://www.ec-cube.net/info/weakness/weakness.php?id=57