Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-20778
CVE-2021-20778:
PHP vulnerability analysis and mitigation
Overview
EC-CUBE version 4.0.6 is affected by an improper access control vulnerability that could allow remote attackers to obtain sensitive information. This vulnerability was discovered on July 1, 2021 and is tracked as CVE-2021-20778. The issue exists due to a defect in the fix of a previous vulnerability (JVN#95292458) (JVN Report).
Technical details
The vulnerability is classified as an improper access control issue (CWE-284) with a CVSS v3.0 base score of 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability can be exploited remotely over the network, requires low attack complexity, needs no privileges or user interaction, and has a high impact on confidentiality but no impact on integrity or availability (JVN Report).
Impact
A remote attacker may obtain sensitive information from the affected EC-CUBE installation without requiring any authentication or user interaction (JVN Report).
Mitigation and workarounds
Users should update to EC-CUBE version 4.0.6-p1 which addresses this vulnerability. Alternatively, users can apply a hotfix patch provided by the developer (JVN Report).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management