Twig · Twig · CVE-2023-46845
**Name of the Vulnerable Software and Affected Versions**
EC-CUBE versions 3.0.0 through 3.0.18-p6
EC-CUBE versions 4.0.0 through 4.0.6-p3
EC-CUBE versions 4.1.0 through 4.1.2-p2
EC-CUBE versions 4.2.0 through 4.2.2
**Description**
The issue is caused by improper settings of the Twig template engine included in the product. A user with administrative privileges can execute arbitrary code on the server where the product is running.
**Recommendations**
For versions 3.0.0 through 3.0.18-p6, update the template engine settings to prevent arbitrary code execution.
For versions 4.0.0 through 4.0.6-p3, update the template engine settings to prevent arbitrary code execution.
For versions 4.1.0 through 4.1.2-p2, update the template engine settings to prevent arbitrary code execution.
For versions 4.2.0 through 4.2.2, update the template engine settings to prevent arbitrary code execution.