
[Vulnerability notice] Arbitrary user logon vulnerability in the frontend of ECShop

Last Updated: May 07, 2018

Description

ECShop is an independent B2C online shop system that lets businesses and individuals quickly build personalized online stores. It is built on PHP and MySQL and developed as a cross-platform, open-source program.

However, ECShop has an arbitrary logon vulnerability that allows attackers to log on to any user account to steal or manipulate user information.

Fix

Upgrade ECShop to the latest version from the official website.
