pkg:Packagist/ec-cube/ec-cube

所有已知漏洞

• HIGH8.1CVE-2020-5590EC-CUBE Directory traversal vulnerability
  >= 3.0.0, <= 3.0.18
• HIGH7.5CVE-2020-5680EC-CUBE Improper input validation vulnerability
  >= 3.0.5, <= 3.0.18
• MEDIUM6.5CVE-2021-20842EC-CUBE Cross-site request forgery (CSRF) vulnerability
  >= 2.11.0, < 2.17.2
• MEDIUM6.5CVE-2021-20841EC-CUBE Improper access control in Management screen
  >= 2.11.2, < 2.17.2
• MEDIUM6.1CVE-2021-20751EC-CUBE Cross-site scripting vulnerability
  >= 4.0.0, < 4.0.6
• MEDIUM6.1CVE-2021-20750EC-CUBE Cross-site scripting vulnerability
  >= 3.0.0, <= 3.0.18-p2
• MEDIUM6.1CVE-2021-20717EC-CUBE Cross-site scripting vulnerability
  >= 4.0.0, <= 4.0.5
• MEDIUM6.1CVE-2020-5679EC-CUBE Improper Restriction of Rendered UI Layers or Frames
  >= 3.0.0, <= 3.0.18
• MEDIUM6.1CVE-2018-16191EC-CUBE Open redirect vulnerability
  >= 3.0.0, < 3.0.17
• MEDIUM5.4CVE-2022-38975EC-CUBE DOM-based cross-site scripting vulnerability
  >= 4.0.0, <= 4.1.2
• MEDIUM5.3CVE-2014-0808EC-CUBE vulnerable to authorization bypass
  >= 2.11.0, < 2.12.2
• MEDIUM5.3CVE-2022-25355EC-CUBE improperly handles HTTP Host header values
  >= 3.0.0, <= 3.0.18-p3
• LOW2.7CVE-2022-40199EC-CUBE Directory traversal vulnerability
  >= 3.0.0, <= 3.0.18-p4
• —CVE-2011-0451EC-CUBE XSS Vulnerabilities
  from 0, < 2.4.4