Package Instance

Path Traversal
A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

Improper Restriction of Rendered UI Layers or Frames
Improper restriction of rendered UI layers or frames in EC-CUBE versions from to leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

Improper Input Validation
Improper input validation vulnerability in EC-CUBE allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.