VulnerableCode Package Details - pkg:composer/ec-cube/ec-cube@3.0.11-RC

Search for packages

Vulnerability	Summary	Fixed by
VCID-2vzq-r4pf-1kac Aliases: CVE-2020-5590 GHSA-hx79-x87c-hgm3	Path Traversal A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.	3.1.0-alpha Affected by 0 other vulnerabilities. 4.0.4 Affected by 0 other vulnerabilities.
VCID-8d1z-47bk-vbd2 Aliases: CVE-2020-5679 GHSA-rwh8-h525-4jvj	Improper Restriction of Rendered UI Layers or Frames Improper restriction of rendered UI layers or frames in EC-CUBE versions from to leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.	3.1.0-alpha Affected by 0 other vulnerabilities. 4.0.0 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rqzy-xfsw-bqbg Aliases: CVE-2020-5680 GHSA-6wm9-966m-73jr	Improper Input Validation Improper input validation vulnerability in EC-CUBE allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.	3.1.0-alpha Affected by 0 other vulnerabilities. 4.0.0 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2vzq-r4pf-1kac
Aliases:
CVE-2020-5590
GHSA-hx79-x87c-hgm3

Path Traversal A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

3.1.0-alpha
Affected by 0 other vulnerabilities.

4.0.4
Affected by 0 other vulnerabilities.

VCID-8d1z-47bk-vbd2
Aliases:
CVE-2020-5679
GHSA-rwh8-h525-4jvj

Improper Restriction of Rendered UI Layers or Frames Improper restriction of rendered UI layers or frames in EC-CUBE versions from to leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

3.1.0-alpha
Affected by 0 other vulnerabilities.

4.0.0
Affected by 11 other vulnerabilities.

VCID-rqzy-xfsw-bqbg
Aliases:
CVE-2020-5680
GHSA-6wm9-966m-73jr

Improper Input Validation Improper input validation vulnerability in EC-CUBE allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.

3.1.0-alpha
Affected by 0 other vulnerabilities.

4.0.0
Affected by 11 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:42:07.930272+00:00	GitLab Importer	Affected by	VCID-8d1z-47bk-vbd2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2020-5679.yml	38.6.0
2026-06-04T20:42:05.690291+00:00	GitLab Importer	Affected by	VCID-rqzy-xfsw-bqbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2020-5680.yml	38.6.0
2026-06-04T20:32:06.992535+00:00	GitLab Importer	Affected by	VCID-2vzq-r4pf-1kac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2020-5590.yml	38.6.0