CVE-2021-20778

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20778

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20778.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20778

Published

2021-07-01T06:15:09.187Z

Modified

2025-11-20T11:29:38.498387Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.

References

Affected packages

Git / github.com/ec-cube/ec-cube

Affected ranges

Type: GIT
Repo: https://github.com/ec-cube/ec-cube
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c6838851eade4903e90a0d4294f8342f2178e067

Affected versions

3.*

3.0.0

3.0.0-beta0

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-beta4

3.0.1

3.0.10

3.0.11

3.0.11-RC

3.0.11-pre

3.0.12

3.0.12-p1

3.0.13

3.0.14

3.0.15

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0-alpha

3.1.0-alpha2

3.1.0-alpha3

3.n-alpha4

3.n-alpha5

3.n-alpha6

4.*

4.0-beta

4.0-beta2

4.0.0

4.0.0-rc

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.5-p1

4.0.5-rc

4.0.6

Other

co/20190306

co/20190313

co/20190404

co/20190417

co/20190508

co/20190613

co/20190710

co/20190718

co/20190808

co/20190822

co/20190829

co/20190905

co/20190912

co/20190930

co/20191017

co/20191031

co/20191114

co/20191128

co/20191212

eccube-3.*

eccube-3.0.0-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20778.json"