6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-5679

GHSA ID

GHSA-rwh8-h525-4jvj

EPSS Score

0.42124%

CWE

CWE-1021

Published

5/24/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-5679

CVE-2020-5679: EC-CUBE Improper Restriction of Rendered UI Layers or Frames

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-5679

GHSA ID

GHSA-rwh8-h525-4jvj

EPSS Score

0.42124%

CWE

CWE-1021

Published

5/24/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ec-cube/ec-cube	composer	>= 3.0.0, <= 3.0.18

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Improp*r r*stri*tion o* r*n**r** UI l*y*rs or *r*m*s in **-*U** v*rsions *rom *.*.* to *.*.** l***s to *li*kj**kin* *tt**ks. I* * us*r ****ss*s * sp**i*lly *r**t** p*** w*il* lo**** into t** **ministr*tiv* p***, unint*n*** op*r*tions m*y ** *on*u*t**

Reasoning

No *n*lysis *v*il**l*

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-5679: EC-CUBE Improper Restriction of Rendered UI Layers or Frames

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI