Arbitrary PHP Code Execution Vulnerability in EC-CUBE and GMO-PG Payment Modules

Arbitrary PHP Code Execution Vulnerability in EC-CUBE and GMO-PG Payment Modules

CVE-2018-0658 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.

Learn more about our Cis Benchmark Audit For Server Software.