Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Lockon Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0564 1 Lockon 1 Ec-cube 2018-05-24 5.8 MEDIUM 8.1 HIGH
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
CVE-2011-3988 1 Lockon 1 Ec-cube 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-0451 1 Lockon 1 Ec-cube 2017-08-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1200 1 Lockon 1 Ec-cube 2016-11-28 6.5 MEDIUM 6.3 MEDIUM
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
CVE-2016-1201 1 Lockon 1 Ec-cube 2016-11-28 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
CVE-2016-1199 1 Lockon 1 Ec-cube 2016-05-05 5.0 MEDIUM 5.3 MEDIUM
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
CVE-2015-5665 1 Lockon 1 Ec-cube 2015-10-27 5.1 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
CVE-2014-0807 1 Lockon 1 Ec-cube 2014-01-23 6.4 MEDIUM N/A
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
CVE-2014-0808 1 Lockon 1 Ec-cube 2014-01-23 5.0 MEDIUM N/A
The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors.
CVE-2013-5995 1 Lockon 1 Ec-cube 2013-11-21 5.5 MEDIUM N/A
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
CVE-2013-5996 1 Lockon 1 Ec-cube 2013-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
CVE-2013-5991 1 Lockon 1 Ec-cube 2013-11-21 4.3 MEDIUM N/A
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
CVE-2013-5992 1 Lockon 1 Ec-cube 2013-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
CVE-2013-5993 1 Lockon 1 Ec-cube 2013-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
CVE-2013-5994 1 Lockon 1 Ec-cube 2013-11-21 5.0 MEDIUM N/A
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2013-3651 1 Lockon 1 Ec-cube 2013-10-11 7.5 HIGH N/A
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
CVE-2013-3650 1 Lockon 1 Ec-cube 2013-10-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
CVE-2013-3654 1 Lockon 1 Ec-cube 2013-10-11 5.0 MEDIUM N/A
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
CVE-2013-3652 1 Lockon 1 Ec-cube 2013-10-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
CVE-2013-3653 1 Lockon 1 Ec-cube 2013-10-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.