Main Vulnerability Database SB2014012201

SB2014012201 - Multiple vulnerabilities in ec-cube.net EC-CUBE

Published: January 22, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014012201

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2014-0807)

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.

2) Input validation error (CVE-ID: CVE-2014-0808)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors.

Remediation

Install update from vendor's website.

SB2014012201 - Multiple vulnerabilities in ec-cube.net EC-CUBE

Breakdown by Severity

Description

Remediation

References

Please verify you're human