Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j2hg-w4p4-6rvm

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 5.3

Описание

EC-CUBE vulnerable to authorization bypass

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.

Ссылки

Пакеты

Наименование

ec-cube/ec-cube

composer
Затронутые версииВерсия исправления

>= 2.11.0, < 2.12.2

2.12.2

EPSS

Процентиль: 59%
0.00388
Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2014-0808

Дефекты

CWE-639

Связанные уязвимости

nvd логотип

CVE-2014-0808

CVSS3: 9.1
nvd
около 12 лет назад

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.

EPSS

Процентиль: 59%
0.00388
Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2014-0808

Дефекты

CWE-639