QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4236

Published: Dec 8, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_JVN

vdb-entry

x_refsource_OSVDB

eccube-searchcustomer-security-bypass(54573)

vdb-entry

x_refsource_XF

JVNDB-2009-000078

third-party-advisory

x_refsource_JVNDB

http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html

x_refsource_MISC

http://www.ec-cube.net/info/091127/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.