CVE-2014-0808
MEDIUM5.3EPSS 0.39%EC-CUBE vulnerable to authorization bypass
發布日:2022/5/17修改日:2024/6/11
描述
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
受影響套件(1)
- Packagist/ec-cube/ec-cube>= 2.11.0, < 2.12.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-0808
- PATCHhttps://github.com/EC-CUBE/ec-cube
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000006
- WEBhttp://jvn.jp/en/jp/JVN51770585
- WEBhttp://jvn.jp/en/jp/JVN51770585/index.html
- WEBhttps://jvndb.jvn.jp/jvndb/JVNDB-2024-000054
- WEBhttps://jvn.jp/en/jp/JVN15637138
- WEBhttp://www.ec-cube.net/info/weakness/weakness.php?id=57