CVE-2023-27919

Summary

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.

Affected Software

VendorProductVersion RangeStatus
NE Inc.NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)all versionsaffected

Weaknesses

  • Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References