CVE-2008-4991
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
06/11/2008
Last modified:
09/04/2025
Description
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ec-cube:ec-cube:*:unknown:community_edition:*:*:*:*:* | 1.3.5 (including) | |
| cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:* | 1.4.7 (including) | |
| cpe:2.3:a:ec-cube:ec-cube:*:b2:*:*:*:*:*:* | 1.5.0 (including) | |
| cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:* | 2.3.0 (including) | |
| cpe:2.3:a:ec-cube:ec-cube:1.3.4:unknown:community_edition:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://jvn.jp/en/jp/JVN19072922/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000075.html
- http://www.ipa.go.jp/security/english/vuln/200811_EC-CUBE_en.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46509
- http://jvn.jp/en/jp/JVN19072922/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000075.html
- http://www.ipa.go.jp/security/english/vuln/200811_EC-CUBE_en.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46509