Published At-20 Apr, 2018 | 13:29
Updated At-24 May, 2018 | 13:42
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
CISA Catalog
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|
| N/A | | |
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
| Type | Version | Base score | Base severity | Vector |
|---|
| Primary | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| Primary | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
| CWE ID | Type | Source |
|---|
| CWE-384 | Primary | nvd@nist.gov |
Type: Primary
Source: nvd@nist.gov
Change History
0Changes found