Vulnerability Description
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ec-Cube | Ec-Cube Ver2 | 2.4.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN79762947/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html
- http://osvdb.org/60685
- http://secunia.com/advisories/37603Vendor Advisory
- http://www.ec-cube.net/info/091127/PatchVendor Advisory
- http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html
- http://www.vupen.com/english/advisories/2009/3421PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54573
- http://jvn.jp/en/jp/JVN79762947/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html
- http://osvdb.org/60685
- http://secunia.com/advisories/37603Vendor Advisory
- http://www.ec-cube.net/info/091127/PatchVendor Advisory
- http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html
- http://www.vupen.com/english/advisories/2009/3421PatchVendor Advisory
FAQ
What is CVE-2009-4236?
CVE-2009-4236 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote at...
How severe is CVE-2009-4236?
CVE-2009-4236 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4236?
Check the references section above for vendor advisories and patch information. Affected products include: Ec-Cube Ec-Cube Ver2.