CVE-2021-20841
packagist/ec-cube/ec-cube
Incorrect Authorization
Improper access control in Management screen of EC-CUBE 2 series allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
All versions starting from 2.11.2 up to 2.17.1
Upgrade to version 3.0.0 or above.
2021-11-30
source |