VIR Vulnerability Intelligence Relay

CVE-2014-0808

critical
Published 2014-01-22 · Modified 2024-06-11
CVSS v3
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v2
5.0
VIR risk
9.1

Description

EC-CUBE vulnerable to authorization bypass

Predictions

Exploit likelihood
94%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://www.ec-cube.net/info/weakness/weakness.php?id=57

Package impact
EcosystemPackageVulnerableFixed
php Packagistec-cube/ec-cube>=2.11.0,<2.12.22.12.2

Application impact
VendorProductVersionsFixed
lockonec-cube2.11.0
lockonec-cube2.11.1
lockonec-cube2.11.2
lockonec-cube2.11.3
lockonec-cube2.11.4
lockonec-cube2.11.5
lockonec-cube2.12.0
lockonec-cube2.12.1
lockonec-cube2.12.2

References

CWEs

CWE-566

Verify integrity in audit chain (admin only). AS-IS.