CVE-2018-0658

EUVD-2018-1468
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
ec-cubeec-cube_payment_module
𝑥
≤ 2.3.17
gmo-pggmo-pg_payment_module
𝑥
≤ 2.3.17
ec-cubeec-cube_payment_module
𝑥
≤ 3.5.23
gmo-pggmo-pg_payment_module
𝑥
≤ 3.5.23
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN06372244/index.html
http://jvn.jp/en/jp/JVN06372244/index.html