QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0808

Published: Jan 22, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.

Vendor	Product	Versions
EC-CUBE CO.,LTD.	EC-CUBE	affected `2.11.0 through 2.12.2`
S‑cubism Inc.	EC-Orange	affected `systems deployed before June 29th` affected `2015`

References

http://www.ec-cube.net/info/weakness/weakness.php?id=57

http://jvn.jp/en/jp/JVN51770585/

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006

https://ec-orange.jp/

https://jvn.jp/en/jp/JVN15637138/

https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.