PT-2014-3854 · Ec Cube · Ec-Cube+1

Tsuyoshi Nagakawa · Published 2014-01-22 · Updated 2024-07-03 · CVE-2014-0808

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

EC-CUBE versions 2.11.0 through 2.12.2
EC-Orange systems deployed before June 29th, 2015

Description

An issue exists where a user-controlled key can be used to bypass authorization. This can be exploited by sending a crafted HTTP request, potentially allowing a user of the affected shopping website to obtain other users' information.

Recommendations

For EC-CUBE versions 2.11.0 through 2.12.2, update to a version outside of this range to resolve the issue.
For EC-Orange systems deployed before June 29th, 2015, ensure deployment after this date to mitigate the risk.
As a temporary workaround, consider restricting access to sensitive user information until a patch is available.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2014-0808
GHSA-J2HG-W4P4-6RVM

Affected Products

Ec-Cube
Ec-Orange