The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 up to and including 2.4.1, and Community Edition r18068 through r18428, allows remote malicious users to obtain sensitive information (customer data) via unknown vectors related to sessions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ec-cube ec-cube ver2 r18068 |
||
ec-cube ec-cube ver2 r18428 |
||
ec-cube ec-cube ver2 2.4.1 |
||
ec-cube ec-cube ver2 2.4.0 |