PT-2016-4637 · Lockon · Ec-Cube
Gen Sato
·
Published
2016-04-30
·
Updated
2016-05-06
·
CVE-2016-1199
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LOCKON EC-CUBE versions 3.0.0 through 3.0.9
Description
The issue allows remote attackers to bypass intended IP address restrictions on the login page in the management screen.
Recommendations
For versions 3.0.0 through 3.0.9, update to a version that contains a fix for this issue to prevent bypassing of IP address restrictions.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ec-Cube