All Products
Document Center

[Vulnerability notice] Arbitrary user logon vulnerability in the frontend of ECShop

Last Updated: May 07, 2018


ECshop is an independent B2C online shop system for businesses and individuals to quickly build personalized online stores. The system is based on PHP + MySQL, and developed as a cross-platform open source program.

However, ECshop has an arbitrary logon vulnerability that allows attackers to log on to any user account to steal or manipulate user information.


Upgrade ECshop to the latest version from the official website.