cvedb.io
CVE-2018-0658
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2018-09-07T14:29:02.633 · Last modified 2026-06-17T01:31:23.717

Summary

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.

Affected products

ec-cube — ec-cube_payment_module

Does this affect you?

Add your gear to cvedb and we'll alert you only when ec-cube ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.