PT-2020-18639 · Ec Cube · Ec-Cube

Published: 2020-12-03 · Updated: 2022-05-24 · CVE-2020-5679

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

EC-CUBE versions 3.0.0 through 3.0.18

Description

The issue is related to improper restriction of rendered UI layers or frames, which can lead to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

Recommendations

For versions 3.0.0 through 3.0.18, update to a version later than 3.0.18 to resolve the issue. As a temporary workaround, consider restricting access to administrative pages or implementing additional security measures to minimize the risk of clickjacking attacks.

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2020-5679
GHSA-RWH8-H525-4JVJ

Affected Products

Ec-Cube