First published: Thu Dec 03 2020
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
EC-CUBE EC-CUBE | >=3.0.0, <=3.0.18 | |
composer/ec-cube/ec-cube | >=3.0.0, <=3.0.18 | |
CVE-2020-5679 is a vulnerability in EC-CUBE versions from 3.0.0 to 3.0.18 that leads to clickjacking attacks.
CVE-2020-5679 affects EC-CUBE versions from 3.0.0 to 3.0.18 by allowing clickjacking attacks.
The severity of CVE-2020-5679 is medium with a CVSS score of 6.1.
To fix CVE-2020-5679, update EC-CUBE to a version higher than 3.0.18.
You can find more information about CVE-2020-5679 at the following references: [https://jvn.jp/en/jp/JVN24457594/index.html](https://jvn.jp/en/jp/JVN24457594/index.html) and [https://www.ec-cube.net/info/weakness/](https://www.ec-cube.net/info/weakness/).