Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5534-wj8d-xyfp
Vulnerability ID VCID-5534-wj8d-xyfp
Aliases CVE-2020-5680
GHSA-6wm9-966m-73jr
Summary EC-CUBE Improper input validation vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2020-5680
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2020-5680
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2020-5680
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-6wm9-966m-73jr
cvssv3.1 7.5 https://github.com/EC-CUBE/ec-cube
generic_textual HIGH https://github.com/EC-CUBE/ec-cube
cvssv3.1 7.5 https://jvn.jp/en/jp/JVN24457594/index.html
generic_textual HIGH https://jvn.jp/en/jp/JVN24457594/index.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5680
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-5680
cvssv3.1 7.5 https://www.ec-cube.net/info/weakness
generic_textual HIGH https://www.ec-cube.net/info/weakness
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-5680
https://github.com/EC-CUBE/ec-cube
https://jvn.jp/en/jp/JVN24457594/index.html
https://www.ec-cube.net/info/weakness
https://www.ec-cube.net/info/weakness/
CVE-2020-5680 https://nvd.nist.gov/vuln/detail/CVE-2020-5680
GHSA-6wm9-966m-73jr https://github.com/advisories/GHSA-6wm9-966m-73jr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/EC-CUBE/ec-cube
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://jvn.jp/en/jp/JVN24457594/index.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-5680
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.ec-cube.net/info/weakness
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.68107
EPSS Score 0.00541
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:30:44.115334+00:00 GHSA Importer Import https://github.com/advisories/GHSA-6wm9-966m-73jr 38.6.0