Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for ec-cube_ver2 by ec-cube

    CVE-2009-4236 (GCVE-0-2009-4236)

    Vulnerability from nvd – Published: 2009-12-08 23:00 – Updated: 2024-08-07 06:54
    VLAI
    Summary
    The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/3421 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/37603 third-party-advisoryx_refsource_SECUNIA
    http://jvn.jp/en/jp/JVN79762947/index.html third-party-advisoryx_refsource_JVN
    http://osvdb.org/60685 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0… third-party-advisoryx_refsource_JVNDB
    http://www.ipa.go.jp/security/vuln/documents/2009… x_refsource_MISC
    http://www.ec-cube.net/info/091127/ x_refsource_CONFIRM
    Date Public
    2009-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:54:10.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-3421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3421"
              },
              {
                "name": "37603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37603"
              },
              {
                "name": "JVN#79762947",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
              },
              {
                "name": "60685",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60685"
              },
              {
                "name": "eccube-searchcustomer-security-bypass(54573)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
              },
              {
                "name": "JVNDB-2009-000078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/091127/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-3421",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3421"
            },
            {
              "name": "37603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37603"
            },
            {
              "name": "JVN#79762947",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
            },
            {
              "name": "60685",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60685"
            },
            {
              "name": "eccube-searchcustomer-security-bypass(54573)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
            },
            {
              "name": "JVNDB-2009-000078",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/091127/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-3421",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3421"
                },
                {
                  "name": "37603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37603"
                },
                {
                  "name": "JVN#79762947",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
                },
                {
                  "name": "60685",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60685"
                },
                {
                  "name": "eccube-searchcustomer-security-bypass(54573)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
                },
                {
                  "name": "JVNDB-2009-000078",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
                },
                {
                  "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/091127/",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/091127/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4236",
        "datePublished": "2009-12-08T23:00:00.000Z",
        "dateReserved": "2009-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:54:10.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4236 (GCVE-0-2009-4236)

    Vulnerability from cvelistv5 – Published: 2009-12-08 23:00 – Updated: 2024-08-07 06:54
    VLAI
    Summary
    The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/3421 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/37603 third-party-advisoryx_refsource_SECUNIA
    http://jvn.jp/en/jp/JVN79762947/index.html third-party-advisoryx_refsource_JVN
    http://osvdb.org/60685 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0… third-party-advisoryx_refsource_JVNDB
    http://www.ipa.go.jp/security/vuln/documents/2009… x_refsource_MISC
    http://www.ec-cube.net/info/091127/ x_refsource_CONFIRM
    Date Public
    2009-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:54:10.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-3421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3421"
              },
              {
                "name": "37603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37603"
              },
              {
                "name": "JVN#79762947",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
              },
              {
                "name": "60685",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60685"
              },
              {
                "name": "eccube-searchcustomer-security-bypass(54573)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
              },
              {
                "name": "JVNDB-2009-000078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/091127/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-3421",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3421"
            },
            {
              "name": "37603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37603"
            },
            {
              "name": "JVN#79762947",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
            },
            {
              "name": "60685",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60685"
            },
            {
              "name": "eccube-searchcustomer-security-bypass(54573)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
            },
            {
              "name": "JVNDB-2009-000078",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/091127/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-3421",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3421"
                },
                {
                  "name": "37603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37603"
                },
                {
                  "name": "JVN#79762947",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN79762947/index.html"
                },
                {
                  "name": "60685",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60685"
                },
                {
                  "name": "eccube-searchcustomer-security-bypass(54573)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
                },
                {
                  "name": "JVNDB-2009-000078",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
                },
                {
                  "name": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/091127/",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/091127/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4236",
        "datePublished": "2009-12-08T23:00:00.000Z",
        "dateReserved": "2009-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:54:10.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }