EC-CUBE
Moderate fix3 remedies
cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*
Moderate fix3 remedies
- >= 4.1.0, < 4.1.2-p5
- >= 4.2.0, < 4.2.3-p2
- >= 4.3.0, < 4.3.1-p1
EC-CUBE Multi-Factor Authentication Bypass Vulnerability
Vulnerability
Patched
A vulnerability allowing multi-factor authentication (MFA) bypass has been identified in EC-CUBE versions 4.1 series prior to 4.1.2-p5, 4.2 series prior to 4.2.3-p2, and 4.3 series prior to 4.3.1-p1. This vulnerability allows an attacker with a valid administrator ID and password to bypass two-factor authentication and gain unauthorized access to the administrative page.
Impact
Exploitation of this vulnerability allows for unauthorized access to the administrative page by bypassing two-factor authentication.
Reproduction
To reproduce this vulnerability, an attacker must obtain a valid administrator ID and password. Once these credentials are acquired, they can log into the administrative page and bypass the two-factor authentication process, gaining unauthorized access.
Remediation
Users can apply the appropriate patch for their EC-CUBE version. Patch files for versions 4.1.2-p5, 4.2.3-p2, and 4.3.1-p1 are available on the EC-CUBE website.
Added: Mar 5, 2026, 6:21 AM
Updated: Mar 5, 2026, 6:21 AM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
5.0exploitability
5.3remediation
7.7relevance
3.5threat
1.6urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.