{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T22:25:05.297","vulnerabilities":[{"cve":{"id":"CVE-2018-0658","sourceIdentifier":"vultures@jpcert.or.jp","published":"2018-09-07T14:29:02.633","lastModified":"2024-11-21T03:38:40.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors."},{"lang":"es","value":"Problema de validación de entradas en EC-CUBE Payment Module (2.12) en versiones 3.5.23 y anteriores, EC-CUBE Payment Module (2.11) en versiones 2.3.17 y anteriores, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) en versiones 3.5.23 y anteriores y GMO-PG Payment Module (PG Multi-Payment Service) (2.11) en versiones 2.3.17 y anteriores permite que un atacante con permisos de administrador ejecute código PHP arbitrario en el servidor mediante vectores sin especificar."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ec-cube:ec-cube_payment_module:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.17","matchCriteriaId":"7BD26589-55F6-4932-8C5E-9BEE82D41373"},{"vulnerable":true,"criteria":"cpe:2.3:a:gmo-pg:gmo-pg_payment_module:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.17","matchCriteriaId":"F47C5446-2A83-43CF-9AB5-EBBFBB4BAC9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ec-cube:ec-cube:2.11:*:*:*:*:*:*:*","matchCriteriaId":"FA0DA371-7B35-4019-A67F-75F8CE0B691C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ec-cube:ec-cube_payment_module:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.23","matchCriteriaId":"CF34BE6C-9913-4277-AAF8-30FDCE8129AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gmo-pg:gmo-pg_payment_module:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.23","matchCriteriaId":"D634F5CB-877B-43AB-9C57-E54C87164568"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ec-cube:ec-cube:2.12:*:*:*:*:*:*:*","matchCriteriaId":"E1B9AF05-5211-47EB-B448-00709CFDFEDE"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN06372244/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"http://jvn.jp/en/jp/JVN06372244/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}