Vulnerability Details CVE-2018-0658
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2018-0658
-
cpe:2.3:a:ec-cube:ec-cube:2.11
-
cpe:2.3:a:ec-cube:ec-cube:2.12
-
cpe:2.3:a:ec-cube:ec-cube_payment_module:-
-
cpe:2.3:a:ec-cube:ec-cube_payment_module:2.11
-
cpe:2.3:a:ec-cube:ec-cube_payment_module:2.12
-
cpe:2.3:a:ec-cube:ec-cube_payment_module:2.3.17
-
cpe:2.3:a:ec-cube:ec-cube_payment_module:3.5.23
-
cpe:2.3:a:gmo-pg:gmo-pg_payment_module:-
-
cpe:2.3:a:gmo-pg:gmo-pg_payment_module:2.3.17
-
cpe:2.3:a:gmo-pg:gmo-pg_payment_module:3.5.23