CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1154

SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.4%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 7.5

References

http://jvn.jp/en/jp/JVN31524757/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000027
http://www.ec-cube.net/products/detail.php?product_id=279
http://jvn.jp/en/jp/JVN31524757/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000027
http://www.ec-cube.net/products/detail.php?product_id=279

Products affected by CVE-2016-1154

Cuore » Ec-Cube Help Plugin » Version: Any

cpe:2.3:a:cuore:ec-cube_help_plugin:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1154

Products

Pricing

Contact Us