CVE-2023-46845
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-46845 is a serious vulnerability affecting the EC-CUBE e-commerce platform in the 3 series (3.0.0 to 3.0.18-p6) and the 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2). The issue arises from a misconfiguration of the Twig template engine that is included in the product. It enables an attacker with administrative privileges to execute arbitrary code on the vulnerable server. Consequently, attackers could exploit this weakness to gain unauthorized access, steal sensitive data, or even take control of the entire system. Users of the affected EC-CUBE versions should apply the necessary patches promptly to mitigate this risk.
Affected Products
- EC-CUBE
Affected Vendors
- Ec-cube