CVE-2021-20841

Incorrect Authorization in packagist/ec-cube/ec-cube

Identifiers

CVE-2021-20841

Package Slug

packagist/ec-cube/ec-cube

Vulnerability

Incorrect Authorization

Description

Improper access control in Management screen of EC-CUBE 2 series allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.

Affected Versions

All versions starting from 2.11.2 up to 2.17.1

Solution

Upgrade to version 3.0.0 or above.

Last Modified

2021-11-30

source