{"url":"http://public2.vulnerablecode.io/api/packages/394635?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.2.3","type":"composer","namespace":"ec-cube","name":"ec-cube","version":"4.2.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212764?format=json","vulnerability_id":"VCID-yjve-1ftj-vqgw","summary":"EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface","references":[{"reference_url":"https://github.com/EC-CUBE/ec-cube","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/EC-CUBE/ec-cube"},{"reference_url":"https://github.com/EC-CUBE/ec-cube/commit/094785943bfc3815c29f0cce9dbabb9bcc688474","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/EC-CUBE/ec-cube/commit/094785943bfc3815c29f0cce9dbabb9bcc688474"},{"reference_url":"https://github.com/advisories/GHSA-7rhv-h82h-vpjh","reference_id":"GHSA-7rhv-h82h-vpjh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rhv-h82h-vpjh"},{"reference_url":"https://github.com/EC-CUBE/ec-cube/security/advisories/GHSA-7rhv-h82h-vpjh","reference_id":"GHSA-7rhv-h82h-vpjh","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/EC-CUBE/ec-cube/security/advisories/GHSA-7rhv-h82h-vpjh"}],"fixed_packages":[],"aliases":["GHSA-7rhv-h82h-vpjh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjve-1ftj-vqgw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132378?format=json","vulnerability_id":"VCID-1gnn-818f-dfd3","summary":"EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46845","reference_id":"","reference_type":"","scores":[{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80181","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80112","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80174","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80189","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46845"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46845","reference_id":"CVE-2023-46845","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46845"},{"reference_url":"https://www.ec-cube.net/info/weakness/20231026/index_3.php","reference_id":"index_3.php","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/"}],"url":"https://www.ec-cube.net/info/weakness/20231026/index_3.php"},{"reference_url":"https://www.ec-cube.net/info/weakness/20231026/index_40.php","reference_id":"index_40.php","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/"}],"url":"https://www.ec-cube.net/info/weakness/20231026/index_40.php"},{"reference_url":"https://www.ec-cube.net/info/weakness/20231026/index.php","reference_id":"index.php","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/"}],"url":"https://www.ec-cube.net/info/weakness/20231026/index.php"},{"reference_url":"https://jvn.jp/en/jp/JVN29195731/","reference_id":"JVN29195731","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/"}],"url":"https://jvn.jp/en/jp/JVN29195731/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462542?format=json","purl":"pkg:composer/ec-cube/ec-cube@3.1.0-alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.1.0-alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/23483?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.0.6-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnn-818f-dfd3"},{"vulnerability":"VCID-8bj1-htby-r3hb"},{"vulnerability":"VCID-h22q-5adj-9bhu"},{"vulnerability":"VCID-kjwz-h6kh-9yhk"},{"vulnerability":"VCID-uc29-6x6h-akb8"},{"vulnerability":"VCID-xnkt-bw6n-mkhz"},{"vulnerability":"VCID-zy4t-p98q-qkb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/508930?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.1-beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h22q-5adj-9bhu"},{"vulnerability":"VCID-xnkt-bw6n-mkhz"},{"vulnerability":"VCID-zy4t-p98q-qkb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta"},{"url":"http://public2.vulnerablecode.io/api/packages/393056?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.1.2-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gnn-818f-dfd3"},{"vulnerability":"VCID-8bj1-htby-r3hb"},{"vulnerability":"VCID-kjwz-h6kh-9yhk"},{"vulnerability":"VCID-uc29-6x6h-akb8"},{"vulnerability":"VCID-xnkt-bw6n-mkhz"},{"vulnerability":"VCID-yjve-1ftj-vqgw"},{"vulnerability":"VCID-zy4t-p98q-qkb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/589650?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.2.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yjve-1ftj-vqgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/394635?format=json","purl":"pkg:composer/ec-cube/ec-cube@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yjve-1ftj-vqgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.3"}],"aliases":["CVE-2023-46845"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gnn-818f-dfd3"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.3"}