Denial-of-Service Vulnerability in EC-CUBE by EC-CUBE Co. Ltd.
CVE-2020-5680

7.5HIGH

Key Information:

Vendor

Ec-cube Co.,ltd.

Status
Ec-cube
Vendor
CVE Published:
3 December 2020

What is CVE-2020-5680?

An improper input validation vulnerability exists in EC-CUBE versions 3.0.5 to 3.0.18, which allows a remote attacker to exploit the system and potentially trigger a denial-of-service (DoS) condition. Attackers can utilize this flaw through unspecified vectors, resulting in service disruptions and making the affected system unavailable to legitimate users.

Affected Version(s)

EC-CUBE versions from 3.0.5 to 3.0.18

References

https://www.ec-cube.net/info/weakness/
x_refsource_MISC
https://jvn.jp/en/jp/JVN24457594/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.