Authorization Bypass in EC-CUBE and EC-Orange Platforms
CVE-2014-0808

Currently unrated

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube; Ec-orange
Vendor: CVE Published:; 22 January 2014

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2014-0808?

An authorization bypass vulnerability exists in EC-CUBE versions 2.11.0 to 2.12.2 and EC-Orange systems released before June 29, 2015. Attackers can exploit this weakness by sending crafted HTTP requests, allowing them unauthorized access to sensitive user information stored on affected shopping platforms. This compromise can lead to the exposure of personal data, underscoring the importance of immediate security updates to mitigate potential risks.

Affected Version(s)

EC-CUBE 2.11.0 through 2.12.2

EC-Orange systems deployed before June 29th

EC-Orange 2015

References

http://www.ec-cube.net/info/weakness/weakness.php?id=57

http://jvn.jp/en/jp/JVN51770585/

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2014
Vulnerability Reserved
Jan 6, 2014