Package details: pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
Next non-vulnerable version 3.1.0-alpha
Latest non-vulnerable version 3.1.0-alpha
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-1gnn-818f-dfd3
Aliases:
CVE-2023-46845
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.
3.1.0-alpha
Affected by 0 other vulnerabilities.
4.0.6-p1
Affected by 7 other vulnerabilities.
4.1-beta
Affected by 3 other vulnerabilities.
4.1.2-p1
Affected by 7 other vulnerabilities.
4.2.0-alpha
Affected by 1 other vulnerability.
4.2.3
Affected by 1 other vulnerability.
VCID-8bj1-htby-r3hb
Aliases:
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
3.1.0-alpha
Affected by 0 other vulnerabilities.
4.0.6-p1
Affected by 7 other vulnerabilities.
4.1-beta
Affected by 3 other vulnerabilities.
4.1.2-p1
Affected by 7 other vulnerabilities.
4.2.0-alpha
Affected by 1 other vulnerability.
4.2.1
Affected by 2 other vulnerabilities.
VCID-b9yr-y2nr-37bw
Aliases:
CVE-2018-16191
GHSA-fcgg-qgxg-2g2x
3.0.17
Affected by 8 other vulnerabilities.
VCID-bqur-48p1-tyaj
Aliases:
CVE-2020-5590
GHSA-hx79-x87c-hgm3
3.1.0-alpha
Affected by 0 other vulnerabilities.
4.0.4
Affected by 10 other vulnerabilities.
VCID-h22q-5adj-9bhu
Aliases:
CVE-2022-25355
GHSA-pw97-6v74-9w3p
EC-CUBE improperly handles HTTP Host header values
3.0.18
Affected by 5 other vulnerabilities.
4.1.2
Affected by 7 other vulnerabilities.
VCID-hxq9-dnac-pfgx
Aliases:
CVE-2020-5679
GHSA-rwh8-h525-4jvj
EC-CUBE Improper Restriction of Rendered UI Layers or Frames
3.1.0-alpha
Affected by 0 other vulnerabilities.
4.0.0
Affected by 11 other vulnerabilities.
VCID-mwk1-a45n-8yht
Aliases:
CVE-2021-20750
GHSA-vrpv-26fm-7vf7
EC-CUBE Cross-site scripting vulnerability
3.0.18
Affected by 5 other vulnerabilities.
4.0.5
Affected by 8 other vulnerabilities.
4.0.6
Affected by 8 other vulnerabilities.
VCID-xnkt-bw6n-mkhz
Aliases:
CVE-2022-40199
GHSA-wjpv-frf2-3r58
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.
3.0.18
Affected by 5 other vulnerabilities.
4.1.2-p1
Affected by 7 other vulnerabilities.
4.2.0-alpha
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-4ywz-x6zv-kfc4 CVE-2018-0657
VCID-5vm7-hpzj-qfhq CVE-2018-0658
VCID-r4jp-pzbn-mybf EC-CUBE Cross-site request forgery (CSRF) vulnerability CVE-2021-20842
GHSA-m9hv-qmqh-33qh
VCID-v77p-6zxw-g7ds EC-CUBE Improper access control in Management screen CVE-2021-20841
GHSA-jc55-crg7-pr35

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-14T00:58:49.856508+00:00 GHSA Importer Affected by VCID-bqur-48p1-tyaj https://github.com/advisories/GHSA-hx79-x87c-hgm3 38.6.0
2026-06-14T00:56:46.085353+00:00 GHSA Importer Affected by VCID-b9yr-y2nr-37bw https://github.com/advisories/GHSA-fcgg-qgxg-2g2x 38.6.0
2026-06-12T18:34:29.564739+00:00 GitLab Importer Affected by VCID-xnkt-bw6n-mkhz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2022-40199.yml 38.6.0
2026-06-12T17:43:37.186375+00:00 GitLab Importer Affected by VCID-mwk1-a45n-8yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2021-20750.yml 38.6.0
2026-06-12T17:30:48.950546+00:00 GitLab Importer Affected by VCID-hxq9-dnac-pfgx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2020-5679.yml 38.6.0
2026-06-12T17:22:04.443726+00:00 GitLab Importer Affected by VCID-bqur-48p1-tyaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2020-5590.yml 38.6.0
2026-06-12T15:47:24.185800+00:00 GitLab Importer Affected by VCID-1gnn-818f-dfd3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-46845.yml 38.6.0
2026-06-12T15:45:41.110769+00:00 GitLab Importer Affected by VCID-8bj1-htby-r3hb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-22438.yml 38.6.0
2026-06-12T15:44:58.205320+00:00 GitLab Importer Affected by VCID-b9yr-y2nr-37bw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2018-16191.yml 38.6.0
2026-06-12T15:43:36.973687+00:00 GitLab Importer Affected by VCID-h22q-5adj-9bhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2022-25355.yml 38.6.0
2026-06-12T15:42:50.455571+00:00 GitLab Importer Fixing VCID-r4jp-pzbn-mybf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2021-20842.yml 38.6.0
2026-06-12T15:42:50.111898+00:00 GitLab Importer Fixing VCID-v77p-6zxw-g7ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2021-20841.yml 38.6.0
2026-06-12T15:40:56.749328+00:00 GitLab Importer Fixing VCID-5vm7-hpzj-qfhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2018-0658.yml 38.6.0
2026-06-12T15:40:56.719127+00:00 GitLab Importer Fixing VCID-4ywz-x6zv-kfc4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2018-0657.yml 38.6.0
2026-06-11T20:32:41.244595+00:00 GHSA Importer Affected by VCID-xnkt-bw6n-mkhz https://github.com/advisories/GHSA-wjpv-frf2-3r58 38.6.0
2026-06-11T20:31:04.370328+00:00 GHSA Importer Affected by VCID-mwk1-a45n-8yht https://github.com/advisories/GHSA-vrpv-26fm-7vf7 38.6.0
2026-06-11T20:30:44.167140+00:00 GHSA Importer Affected by VCID-hxq9-dnac-pfgx https://github.com/advisories/GHSA-rwh8-h525-4jvj 38.6.0
2026-06-11T20:28:20.781050+00:00 GHSA Importer Affected by VCID-h22q-5adj-9bhu https://github.com/advisories/GHSA-pw97-6v74-9w3p 38.6.0