GCVE - cpe:2.3:a:ec-cube:ec-cube:*:unknown:community

Approved changes feed: RSS · Atom

cpe:2.3:a:ec-cube:ec-cube:*:unknown:community_edition:*:*:*:*:*

part: a version: * update: unknown

Vendor	Ec Cube (`5677c0e6-0154-50a5-b443-40e157e92c1a`)
Product	Ec Cube (`9b322bbb-ef9e-5ff2-8b04-e200594426c4`)
Edition	community_edition
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ec-cube/ec-cube`	purl2cpe	2026-06-01 10:15:46.294206

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-4991`	vulnerable	2026-06-03 14:29:06.693370	Details available SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter. Published: 2008-11-06T19:00:00.000Z Updated: 2024-08-07T10:31:28.424Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN19072922/index.html http://www.ipa.go.jp/security/english/vuln/200811_EC-CUBE_en.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000075.html https://exchange.xforce.ibmcloud.com/vulnerabilities/46509	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-4537`	vulnerable	2026-06-03 14:28:58.456261	Details available Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536. Published: 2008-10-10T18:00:00.000Z Updated: 2024-08-07T10:17:09.940Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/31509 https://exchange.xforce.ibmcloud.com/vulnerabilities/45851 http://jvn.jp/en/jp/JVN26621646/index.html http://www.ec-cube.net/release/detail.php?release_id=193 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-4536`	vulnerable	2026-06-03 14:28:58.455730	Details available Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. Published: 2008-10-10T18:00:00.000Z Updated: 2024-08-07T10:17:10.119Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/31509 https://exchange.xforce.ibmcloud.com/vulnerabilities/45850 http://jvn.jp/en/jp/JVN36085487/index.html http://www.ec-cube.net/release/detail.php?release_id=193 http://secunia.com/advisories/32065	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Ec Cube

PURL mappings

Vulnerability references

Contribute