First published: Wed Nov 24 2021
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
EC-CUBE EC-CUBE | >=2.11.2<=2.17.1 | |
composer/ec-cube/ec-cube | >=2.11.2<=2.17.1 | 2.17.2 |
The vulnerability ID is CVE-2021-20841.
The title of the vulnerability is 'Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote attacker to bypass access restriction and alter System settings.'
The severity of CVE-2021-20841 is medium with a CVSS score of 6.5.
EC-CUBE 2 series versions 2.11.2 to 2.17.1 are affected by CVE-2021-20841.
A remote authenticated attacker can exploit CVE-2021-20841 to bypass access restrictions and alter system settings via unspecified vectors.