Vulnerabilities related to lockon - ec-cube
CVE-2013-3654 (GCVE-0-2013-3654)
Vulnerability from cvelistv5
Published
2013-06-29 19:00
Modified
2024-09-17 03:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000065", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVN#04161229", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN04161229/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2013-000065", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVN#04161229", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN04161229/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-3654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000065", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065" }, { "name": "http://www.ec-cube.net/info/weakness/20130626/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVN#04161229", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN04161229/index.html" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=45", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22891", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22891" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-3654", "datePublished": "2013-06-29T19:00:00Z", "dateReserved": "2013-05-22T00:00:00Z", "dateUpdated": "2024-09-17T03:54:12.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0451 (GCVE-0-2011-0451)
Vulnerability from cvelistv5
Published
2011-02-03 15:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:08.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#84393059", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN84393059/index.html" }, { "name": "43153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43153" }, { "name": "46100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46100" }, { "name": "ec-cube-list-xss(65079)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/18742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36" }, { "name": "JVNDB-2011-000011", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#84393059", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN84393059/index.html" }, { "name": "43153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43153" }, { "name": "46100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46100" }, { "name": "ec-cube-list-xss(65079)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/18742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36" }, { "name": "JVNDB-2011-000011", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-0451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#84393059", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN84393059/index.html" }, { "name": "43153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43153" }, { "name": "46100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46100" }, { "name": "ec-cube-list-xss(65079)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/18742", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/18742" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=36", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36" }, { "name": "JVNDB-2011-000011", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-0451", "datePublished": "2011-02-03T15:00:00", "dateReserved": "2011-01-14T00:00:00", "dateUpdated": "2024-08-06T21:51:08.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3650 (GCVE-0-2013-3650)
Vulnerability from cvelistv5
Published
2013-06-29 19:00
Modified
2024-09-17 01:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000061", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22863" }, { "name": "JVN#43886811", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN43886811/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000061", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22863" }, { "name": "JVN#43886811", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN43886811/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-3650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/20130626/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000061", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22863", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22863" }, { "name": "JVN#43886811", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN43886811/index.html" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=48", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-3650", "datePublished": "2013-06-29T19:00:00Z", "dateReserved": "2013-05-22T00:00:00Z", "dateUpdated": "2024-09-17T01:40:45.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2314 (GCVE-0-2013-2314)
Vulnerability from cvelistv5
Published
2013-05-29 19:00
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:36:45.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42" }, { "name": "JVN#45306814", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN45306814/index.html" }, { "name": "JVNDB-2013-000043", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42" }, { "name": "JVN#45306814", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN45306814/index.html" }, { "name": "JVNDB-2013-000043", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-2314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.ec-cube.net/open_trac/changeset/22826", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22826" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=42", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42" }, { "name": "JVN#45306814", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN45306814/index.html" }, { "name": "JVNDB-2013-000043", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-2314", "datePublished": "2013-05-29T19:00:00Z", "dateReserved": "2013-03-04T00:00:00Z", "dateUpdated": "2024-09-17T00:16:28.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0808 (GCVE-0-2014-0808)
Vulnerability from cvelistv5
Published
2014-01-22 21:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authorization Bypass Through User-Controlled Key
Summary
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| EC-CUBE CO.,LTD. | EC-CUBE | 2.11.0 through 2.12.2 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2014-0808", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T14:04:20.266694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-566", "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:07:16.517Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57" }, { "tags": [ "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN51770585/" }, { "tags": [ "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" }, { "tags": [ "x_transferred" ], "url": "https://ec-orange.jp/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN15637138/" }, { "tags": [ "x_transferred" ], "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EC-CUBE", "vendor": "EC-CUBE CO.,LTD.", "versions": [ { "status": "affected", "version": "2.11.0 through 2.12.2" } ] }, { "product": "EC-Orange", "vendor": "S\u2011cubism Inc.", "versions": [ { "status": "affected", "version": "systems 
deployed before June 29th" }, { "status": "affected", "version": " 2015" } ] } ], "descriptions": [ { "lang": "en", "value": "Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users\u0027 information by sending a crafted HTTP request." } ], "problemTypes": [ { "descriptions": [ { "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T05:17:08.940Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57" }, { "url": "http://jvn.jp/en/jp/JVN51770585/" }, { "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" }, { "url": "https://ec-orange.jp/" }, { "url": "https://jvn.jp/en/jp/JVN15637138/" }, { "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0808", "datePublished": "2014-01-22T21:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5991 (GCVE-0-2013-5991)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:41.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#61077110", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN61077110/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000104", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#61077110", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN61077110/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000104", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#61077110", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN61077110/index.html" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000104", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5991", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:41.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1325 (GCVE-0-2011-1325)
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-09-17 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2011-000029", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029" }, { "name": "44487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44487" }, { "name": "JVN#37878530", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN37878530/index.html" }, { "name": "72239", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/72239" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ec-cube.net/press/detail.php?press_id=114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-05-13T17:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2011-000029", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029" }, { "name": "44487", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44487" }, { "name": "JVN#37878530", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN37878530/index.html" }, { "name": "72239", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/72239" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ec-cube.net/press/detail.php?press_id=114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-1325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2011-000029", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029" }, { "name": "44487", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44487" }, { "name": "JVN#37878530", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN37878530/index.html" }, { "name": "72239", "refsource": "OSVDB", "url": "http://www.osvdb.org/72239" }, { "name": "http://www.ec-cube.net/press/detail.php?press_id=114", "refsource": "MISC", "url": "http://www.ec-cube.net/press/detail.php?press_id=114" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-1325", "datePublished": "2011-05-13T17:00:00Z", "dateReserved": "2011-03-09T00:00:00Z", "dateUpdated": "2024-09-17T04:24:35.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3988 (GCVE-0-2011-3988)
Vulnerability from cvelistv5
Published
2011-10-21 18:00
Modified
2024-08-06 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/ticket/1502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" }, { "name": "eccube-scquery-sql-injection(70625)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" }, { "name": "50140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50140" }, { "name": "JVNDB-2011-000087", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/release/detail.php?release_id=286" }, { "name": "JVN#44496332", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN44496332/index.html" }, { "name": "76399", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/76399" }, { "name": "46446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46446" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/ticket/1502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" }, { "name": "eccube-scquery-sql-injection(70625)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" }, { "name": "50140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50140" }, { "name": "JVNDB-2011-000087", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/release/detail.php?release_id=286" }, { "name": "JVN#44496332", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN44496332/index.html" }, { "name": "76399", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/76399" }, { "name": "46446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46446" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-3988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.ec-cube.net/open_trac/ticket/1502", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/ticket/1502" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=38", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" }, { "name": "eccube-scquery-sql-injection(70625)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" }, { "name": "50140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50140" }, { "name": "JVNDB-2011-000087", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" }, { "name": "http://www.ec-cube.net/release/detail.php?release_id=286", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/release/detail.php?release_id=286" }, { "name": "JVN#44496332", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN44496332/index.html" }, { "name": "76399", "refsource": "OSVDB", "url": "http://osvdb.org/76399" }, { "name": "46446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46446" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-3988", "datePublished": "2011-10-21T18:00:00", "dateReserved": "2011-10-05T00:00:00", "dateUpdated": "2024-08-06T23:53:32.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1201 (GCVE-0-2016-1201)
Vulnerability from cvelistv5
Published
2016-04-30 10:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "90515", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90515" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67" }, { "name": "JVNDB-2016-000053", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053" }, { "name": "JVN#73776243", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN73776243/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "90515", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90515" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67" }, { "name": "JVNDB-2016-000053", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053" }, { "name": "JVN#73776243", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN73776243/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2016-1201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "90515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90515" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=67", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67" }, { "name": "JVNDB-2016-000053", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053" }, { "name": "JVN#73776243", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN73776243/index.html" }, { "name": "https://www.ec-cube.net/info/weakness/201604/", "refsource": "CONFIRM", "url": "https://www.ec-cube.net/info/weakness/201604/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-1201", "datePublished": "2016-04-30T10:00:00", "dateReserved": "2015-12-26T00:00:00", "dateUpdated": "2024-08-05T22:48:13.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2313 (GCVE-0-2013-2313)
Vulnerability from cvelistv5
Published
2013-05-29 19:00
Modified
2024-09-16 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:36:46.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000042", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22805" }, { "name": "JVN#00985872", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN00985872/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2013-000042", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22805" }, { "name": "JVN#00985872", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN00985872/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-2313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000042", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=40", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22805", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22805" }, { "name": "JVN#00985872", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN00985872/index.html" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22804", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22804" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-2313", "datePublished": "2013-05-29T19:00:00Z", "dateReserved": "2013-03-04T00:00:00Z", "dateUpdated": "2024-09-16T20:27:32.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2315 (GCVE-0-2013-2315)
Vulnerability from cvelistv5
Published
2013-05-29 19:00
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:36:45.697Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000044", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43" }, { "name": "JVN#39699406", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN39699406/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22580" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2013-000044", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43" }, { "name": "JVN#39699406", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN39699406/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22580" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-2315", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000044", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=43", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43" }, { "name": "JVN#39699406", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN39699406/index.html" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22580", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22580" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-2315", "datePublished": "2013-05-29T19:00:00Z", "dateReserved": "2013-03-04T00:00:00Z", "dateUpdated": "2024-09-16T17:54:49.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3652 (GCVE-0-2013-3652)
Vulnerability from cvelistv5
Published
2013-06-29 16:00
Modified
2024-09-17 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000063", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22862" }, { "name": "JVN#07192063", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN07192063/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-29T16:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000063", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22862" }, { "name": "JVN#07192063", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN07192063/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-3652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/20130626/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "JVNDB-2013-000063", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=47", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22862", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22862" }, { "name": "JVN#07192063", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN07192063/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-3652", "datePublished": "2013-06-29T16:00:00Z", "dateReserved": "2013-05-22T00:00:00Z", "dateUpdated": "2024-09-17T04:24:01.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-0564 (GCVE-0-2018-0564)
Vulnerability from cvelistv5
Published
2018-04-20 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Session fixation
Summary
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4 [sic; presumably 3.0.4, as published in the CVE record], EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
LOCKON CO.,LTD. | EC-CUBE |
Version: (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:28:11.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ec-cube.net/info/weakness/20180416/" }, { "name": "JVN#52695336", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN52695336/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EC-CUBE", "vendor": "LOCKON CO.,LTD.", "versions": [ { "status": "affected", "version": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)" } ] } ], "datePublic": "2018-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Session fixation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-20T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ec-cube.net/info/weakness/20180416/" }, { "name": "JVN#52695336", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN52695336/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0564", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EC-CUBE", "version": { "version_data": [ { "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)" } ] } } ] }, "vendor_name": "LOCKON CO.,LTD." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Session fixation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ec-cube.net/info/weakness/20180416/", "refsource": "CONFIRM", "url": "https://www.ec-cube.net/info/weakness/20180416/" }, { "name": "JVN#52695336", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN52695336/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0564", "datePublished": "2018-04-20T13:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:28:11.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5993 (GCVE-0-2013-5993)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#11221613", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN11221613/index.html" }, { "name": "JVNDB-2013-000097", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#11221613", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN11221613/index.html" }, { "name": "JVNDB-2013-000097", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5993", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#11221613", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN11221613/index.html" }, { "name": "JVNDB-2013-000097", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=53", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/23277", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/23277" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5993", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:42.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5994 (GCVE-0-2013-5994)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#06870202", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN06870202/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23278" }, { "name": "JVNDB-2013-000098", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#06870202", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN06870202/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23278" }, { "name": "JVNDB-2013-000098", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5994", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#06870202", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN06870202/index.html" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/23278", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/23278" }, { "name": "JVNDB-2013-000098", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=52", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5994", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:42.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5992 (GCVE-0-2013-5992)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000105", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" }, { "name": "JVN#38790987", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN38790987/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000105", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" }, { "name": "JVN#38790987", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN38790987/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5992", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "name": "JVNDB-2013-000105", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" }, { "name": "JVN#38790987", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN38790987/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5992", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:42.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5995 (GCVE-0-2013-5995)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
CWE
- n/a
Summary
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#55630933", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN55630933/index.html" }, { "name": "JVNDB-2013-000106", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23274" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#55630933", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN55630933/index.html" }, { "name": "JVNDB-2013-000106", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23274" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#55630933", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN55630933/index.html" }, { "name": "JVNDB-2013-000106", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/23274", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/23274" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5995", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:42.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4702 (GCVE-0-2013-4702)
Vulnerability from cvelistv5
Published
2013-08-30 21:00
Modified
2024-08-06 16:52
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96756", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/96756" }, { "name": "JVN#15973066", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN15973066/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50" }, { "name": "JVNDB-2013-000081", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130829/index.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-12T09:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "96756", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/96756" }, { "name": "JVN#15973066", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN15973066/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50" }, { "name": "JVNDB-2013-000081", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130829/index.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-4702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "96756", "refsource": "OSVDB", "url": "http://osvdb.org/96756" }, { "name": "JVN#15973066", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN15973066/index.html" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=50", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50" }, { "name": "JVNDB-2013-000081", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22891", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "name": "http://www.ec-cube.net/info/weakness/20130829/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130829/index.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-4702", "datePublished": "2013-08-30T21:00:00", "dateReserved": "2013-06-26T00:00:00", "dateUpdated": "2024-08-06T16:52:27.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0807 (GCVE-0-2014-0807)
Vulnerability from cvelistv5
Published
2014-01-22 21:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56" }, { "name": "JVN#17849447", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN17849447/index.html" }, { "name": "JVNDB-2014-000005", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-22T21:57:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56" }, { "name": "JVN#17849447", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN17849447/index.html" }, { "name": "JVNDB-2014-000005", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=56", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56" }, { "name": "JVN#17849447", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN17849447/index.html" }, { "name": "JVNDB-2014-000005", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0807", "datePublished": "2014-01-22T21:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2312 (GCVE-0-2013-2312)
Vulnerability from cvelistv5
Published
2013-05-29 19:00
Modified
2024-09-16 21:03
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:36:46.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "name": "JVN#52552792", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN52552792/index.html" }, { "name": "JVNDB-2013-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22604" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "name": "JVN#52552792", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN52552792/index.html" }, { "name": "JVNDB-2013-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22604" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-2312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=40", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "name": "JVN#52552792", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN52552792/index.html" }, { "name": "JVNDB-2013-000041", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22604", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22604" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-2312", "datePublished": "2013-05-29T19:00:00Z", "dateReserved": "2013-03-04T00:00:00Z", "dateUpdated": "2024-09-16T21:03:33.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1200 (GCVE-0-2016-1200)
Vulnerability from cvelistv5
Published
2016-04-30 10:00
Modified
2024-08-05 22:48
CWE
- n/a
Summary
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "90503", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90503" }, { "name": "JVN#11458774", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN11458774/index.html" }, { "name": "JVNDB-2016-000052", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ec-cube.net/info/weakness/201604/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "90503", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90503" }, { "name": "JVN#11458774", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN11458774/index.html" }, { "name": "JVNDB-2016-000052", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ec-cube.net/info/weakness/201604/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2016-1200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "90503", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90503" }, { "name": "JVN#11458774", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN11458774/index.html" }, { "name": "JVNDB-2016-000052", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052" }, { "name": "https://www.ec-cube.net/info/weakness/201604/", "refsource": "CONFIRM", "url": "https://www.ec-cube.net/info/weakness/201604/" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=66", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-1200", "datePublished": "2016-04-30T10:00:00", "dateReserved": "2015-12-26T00:00:00", "dateUpdated": "2024-08-05T22:48:13.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1199 (GCVE-0-2016-1199)
Vulnerability from cvelistv5
Published
2016-04-30 10:00
Modified
2024-08-05 22:48
CWE
- n/a
Summary
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#47473944", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN47473944/index.html" }, { "name": "JVNDB-2016-000051", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-30T01:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#47473944", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN47473944/index.html" }, { "name": "JVNDB-2016-000051", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2016-1199", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#47473944", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN47473944/index.html" }, { "name": "JVNDB-2016-000051", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=65", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65" }, { "name": "https://www.ec-cube.net/info/weakness/201604/", "refsource": "CONFIRM", "url": "https://www.ec-cube.net/info/weakness/201604/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-1199", "datePublished": "2016-04-30T10:00:00", "dateReserved": "2015-12-26T00:00:00", "dateUpdated": "2024-08-05T22:48:13.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3651 (GCVE-0-2013-3651)
Vulnerability from cvelistv5
Published
2013-06-29 19:00
Modified
2024-09-16 18:29
CWE
- n/a
Summary
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49" }, { "name": "JVN#34900750", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN34900750/index.html" }, { "name": "JVNDB-2013-000062", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-29T19:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49" }, { "name": "JVN#34900750", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN34900750/index.html" }, { "name": "JVNDB-2013-000062", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-3651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/20130626/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22891", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=49", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49" }, { "name": "JVN#34900750", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN34900750/index.html" }, { "name": "JVNDB-2013-000062", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-3651", "datePublished": "2013-06-29T19:00:00Z", "dateReserved": "2013-05-22T00:00:00Z", "dateUpdated": "2024-09-16T18:29:31.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5996 (GCVE-0-2013-5996)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000107", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" }, { "name": "JVN#06377589", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN06377589/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T18:10:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2013-000107", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" }, { "name": "JVN#06377589", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN06377589/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23275" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-5996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000107", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" }, { "name": "JVN#06377589", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN06377589/index.html" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/23275", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/23275" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-5996", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-03T00:00:00", "dateUpdated": "2024-08-06T17:29:42.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3653 (GCVE-0-2013-3653)
Vulnerability from cvelistv5
Published
2013-06-29 16:00
Modified
2024-09-16 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46" }, { "name": "JVN#98665228", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN98665228/index.html" }, { "name": "JVNDB-2013-000064", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-29T16:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46" }, { "name": "JVN#98665228", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN98665228/index.html" }, { "name": "JVNDB-2013-000064", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-3653", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/20130626/index.php", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=46", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46" }, { "name": "JVN#98665228", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN98665228/index.html" }, { "name": "JVNDB-2013-000064", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064" }, { "name": "http://svn.ec-cube.net/open_trac/changeset/22861", "refsource": "CONFIRM", "url": "http://svn.ec-cube.net/open_trac/changeset/22861" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-3653", "datePublished": "2013-06-29T16:00:00Z", "dateReserved": "2013-05-22T00:00:00Z", "dateUpdated": "2024-09-16T16:28:53.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5665 (GCVE-0-2015-5665)
Vulnerability from cvelistv5
Published
2015-10-27 01:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:59:03.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63" }, { "name": "JVNDB-2015-000166", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166" }, { "name": "JVN#97278546", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN97278546/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ec-cube.net/info/weakness/201510_01/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-27T01:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63" }, { "name": "JVNDB-2015-000166", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166" }, { "name": "JVN#97278546", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN97278546/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ec-cube.net/info/weakness/201510_01/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-5665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=63", "refsource": "CONFIRM", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63" }, { "name": "JVNDB-2015-000166", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166" }, { "name": "JVN#97278546", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN97278546/index.html" }, { "name": "https://www.ec-cube.net/info/weakness/201510_01/", "refsource": "CONFIRM", "url": "https://www.ec-cube.net/info/weakness/201510_01/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2015-5665", "datePublished": "2015-10-27T01:00:00", "dateReserved": "2015-07-24T00:00:00", "dateUpdated": "2024-08-06T06:59:03.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2013-06-30 20:56
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "43325D17-36C5-41DC-B343-2E647A4246AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a 
different vulnerability than CVE-2013-3653." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en data/class/pages/products/LC_Page_Products_List.php en LOCKON EC-CUBE v2.11.0 hasta v2.12.4 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores que involucran al campo \"classcategory_id2\" una diferente vulnerabilidad a CVE-2013-3653." } ], "id": "CVE-2013-3652", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-06-30T20:56:30.713", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN07192063/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22862" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN07192063/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://svn.ec-cube.net/open_trac/changeset/22862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-30 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN47473944/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051 | Vendor Advisory | |
vultures@jpcert.or.jp | http://www.ec-cube.net/info/weakness/weakness.php?id=65 | Vendor Advisory | |
vultures@jpcert.or.jp | https://www.ec-cube.net/info/weakness/201604/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN47473944/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ec-cube.net/info/weakness/weakness.php?id=65 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ec-cube.net/info/weakness/201604/ | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB551616-10D8-4EF4-9FA9-E7F5986E8627", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C614924A-401D-484B-96AA-87D1C071D994", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7B27593-E73B-45C9-A1BF-A3CFF97F3850", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9272BD35-622B-40BA-8A7E-C2BFED8831AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "72BAC75E-415C-43A6-90DA-F8DCBE8B1749", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74022ECE-0307-4FEE-B6E8-C575B106D6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "225965E9-0C6C-4F16-B0DB-73C7057E0DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4260F22D-636C-47A6-8A4E-89FAC3085F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0603E775-3E8D-458D-B2BD-8698F6BC32D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "38A08F69-72BD-47DF-9EF3-E3DA80FAEBBD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200." 
}, { "lang": "es", "value": "La p\u00e1gina de inicio de sesi\u00f3n en la pantalla de administraci\u00f3n en LOCKON EC-CUBE 3.0.0 hasta la versi\u00f3n 3.0.9 permite a atacantes remotos eludir restricciones destinadas a direcciones IP a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1200." } ], "id": "CVE-2016-1199", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-30T10:59:01.160", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN47473944/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.ec-cube.net/info/weakness/201604/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN47473944/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-30 20:56
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "93BE8264-1904-4FB8-927C-E8668D899EC3", "versionEndIncluding": "2.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la caracter\u00edstica RecommendSearch en la pantalla de gesti\u00f3n en LOCKON EC-CUBE anterior a 2.12.5, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s de vectores que involucran el par\u00e1metro \"rank\". Vulnerabilidad distinta de CVE-2013-3652." 
} ], "id": "CVE-2013-3653", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-06-30T20:56:30.847", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN98665228/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22861" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN98665228/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46" } ], "sourceIdentifier": "vultures@jpcert.or.jp", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-30 19:28
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "43325D17-36C5-41DC-B343-2E647A4246AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en LOCKON EC-CUBE v2.12.0 hasta v2.12.4 permite a atacantes remotos leer archivos de imagen arbitrarios a trav\u00e9s de vectores relacionados con data/class/SC_CheckError.php y data/class/SC_FormParam.php, una vulnerabilidad diferente a CVE-2013-3650." 
} ], "id": "CVE-2013-3654", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-30T19:28:05.173", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN04161229/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN04161229/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-30 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4260F22D-636C-47A6-8A4E-89FAC3085F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0603E775-3E8D-458D-B2BD-8698F6BC32D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "38A08F69-72BD-47DF-9EF3-E3DA80FAEBBD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199." }, { "lang": "es", "value": "La pantalla de ajustes en LOCKON EC-CUBE 3.0.7 hasta la versi\u00f3n 3.0.9 permite a usuarios remotos autenticados eludir restricciones destinadas al acceso a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1199." 
} ], "id": "CVE-2016-1200", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-30T10:59:02.270", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN11458774/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/90503" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201604/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN11458774/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-30 19:28
Modified
2025-04-11 00:51
Severity ?
Summary
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "43325D17-36C5-41DC-B343-2E647A4246AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php." }, { "lang": "es", "value": "LOCKON EC-CUBE v2.11.2 hasta v2.12.4 permite a atacantes remotos llevar a cabo inyecciones de c\u00f3digo PHP mediante una cadena especialmente dise\u00f1ada, relacionado con data/class/SC_CheckError.php y data/class/SC_FormParam.php." 
} ], "id": "CVE-2013-3651", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-30T19:28:04.863", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN34900750/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN34900750/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Severity ?
Summary
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output." }, { "lang": "es", "value": "La funci\u00f3n displaySystemError en html/handle_error.php de LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.11.5 permite a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de un manejo incorrecto en la salida del log de errores." 
} ], "id": "CVE-2013-5991", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-21T04:40:58.953", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN61077110/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN61077110/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-20 13:29
Modified
2024-11-21 03:38
Severity ?
Summary
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN52695336/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://www.ec-cube.net/info/weakness/20180416/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN52695336/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ec-cube.net/info/weakness/20180416/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "66414F66-0514-4E2A-959B-4E0A991A2A25", "versionEndIncluding": "3.0.15", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14 y EC-CUBE 3.0.15) permite que atacantes remotos realicen operaciones arbitrarias mediante vectores sin especificar." 
} ], "id": "CVE-2018-0564", "lastModified": "2024-11-21T03:38:29.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-20T13:29:00.260", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN52695336/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "https://www.ec-cube.net/info/weakness/20180416/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN52695336/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.ec-cube.net/info/weakness/20180416/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Severity ?
Summary
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*", "matchCriteriaId": "C84115A8-8F65-4E6D-B77E-C14F83E5FB7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*", "matchCriteriaId": "AE0D2972-74A9-45FE-BE17-DEDD24A8B704", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "8417F3B8-1A43-40DE-A429-FB29FD543FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6en:*:*:*:*:*:*:*", "matchCriteriaId": "CD60B565-5AEA-4CFA-807D-7BE1BF2CAB9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D9BFC7-D797-4461-870E-CF67DD28629E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses." 
}, { "lang": "es", "value": "data/class/helper/SC_Helper_Address.php en la implementaci\u00f3n front-features de LOCKON EC-CUBE 2.12.3 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar relacionados con las direcciones." } ], "evaluatorComment": "Per: http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000106.html\n\n\"User\u0027s information may be obtained or altered by other user who visits the shopping site\"", "id": "CVE-2013-5995", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-21T04:40:59.047", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN55630933/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23274" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN55630933/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23274" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Severity ?
Summary
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 | |
lockon | ec-cube | 2.12.4en | |
lockon | ec-cube | 2.12.5 | |
lockon | ec-cube | 2.12.5en | |
lockon | ec-cube | 2.12.6 | |
lockon | ec-cube | 2.12.6en | |
lockon | ec-cube | 2.13.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*", "matchCriteriaId": "C84115A8-8F65-4E6D-B77E-C14F83E5FB7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*", 
"matchCriteriaId": "AE0D2972-74A9-45FE-BE17-DEDD24A8B704", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "8417F3B8-1A43-40DE-A429-FB29FD543FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6en:*:*:*:*:*:*:*", "matchCriteriaId": "CD60B565-5AEA-4CFA-807D-7BE1BF2CAB9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D9BFC7-D797-4461-870E-CF67DD28629E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message." }, { "lang": "es", "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php en LOCKON EC-CUBE 2.11.2 hasta la versi\u00f3n 2.13.0 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones directas, lo que revela la ruta de directorio en un mensaje de error." 
} ], "id": "CVE-2013-5994", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-21T04:40:59.033", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN06870202/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23278" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN06870202/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-27 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.5 | |
lockon | ec-cube | 2.12.6 | |
lockon | ec-cube | 2.13.0 | |
lockon | ec-cube | 2.13.1 | |
lockon | ec-cube | 2.13.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "8417F3B8-1A43-40DE-A429-FB29FD543FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D9BFC7-D797-4461-870E-CF67DD28629E", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "03C4728A-F728-4BBC-9998-3421070E18FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D26FD-61EA-4D17-BE57-E70BA443F90B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.13.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios en peticiones que escriben en scripts PHP, relacionada con la funci\u00f3n doValidToken." } ], "id": "CVE-2015-5665", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-27T02:59:00.103", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN97278546/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor 
Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201510_01/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN97278546/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201510_01/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-5993)
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Severity: Medium (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.0 (beta) | |
lockon | ec-cube | 2.11.0 (beta2) | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 | |
lockon | ec-cube | 2.12.4en | |
lockon | ec-cube | 2.12.5 | |
lockon | ec-cube | 2.12.5en | |
lockon | ec-cube | 2.12.6 | |
lockon | ec-cube | 2.12.6en | |
lockon | ec-cube | 2.13.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", 
"matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*", "matchCriteriaId": "C84115A8-8F65-4E6D-B77E-C14F83E5FB7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*", "matchCriteriaId": "AE0D2972-74A9-45FE-BE17-DEDD24A8B704", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "8417F3B8-1A43-40DE-A429-FB29FD543FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6en:*:*:*:*:*:*:*", "matchCriteriaId": "CD60B565-5AEA-4CFA-807D-7BE1BF2CAB9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D9BFC7-D797-4461-870E-CF67DD28629E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.13.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios a trav\u00e9s de vectores sin especificar relacionadas con denegaciones." 
} ], "id": "CVE-2013-5993", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-21T04:40:59.017", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN11221613/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23277" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN11221613/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-5996)
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Severity: Medium (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.0 (beta) | |
lockon | ec-cube | 2.11.0 (beta2) | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 | |
lockon | ec-cube | 2.12.4en | |
lockon | ec-cube | 2.12.5 | |
lockon | ec-cube | 2.12.5en | |
lockon | ec-cube | 2.12.6 | |
lockon | ec-cube | 2.12.6en | |
lockon | ec-cube | 2.13.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", 
"matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*", "matchCriteriaId": "C84115A8-8F65-4E6D-B77E-C14F83E5FB7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*", "matchCriteriaId": "AE0D2972-74A9-45FE-BE17-DEDD24A8B704", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "8417F3B8-1A43-40DE-A429-FB29FD543FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.6en:*:*:*:*:*:*:*", "matchCriteriaId": "CD60B565-5AEA-4CFA-807D-7BE1BF2CAB9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D9BFC7-D797-4461-870E-CF67DD28629E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en componentes shopping/payment.tpl de LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.13.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de valores manipulados." 
} ], "id": "CVE-2013-5996", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-21T04:40:59.080", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN06377589/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23275" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN06377589/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/23275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-2312)
Published
2013-05-29 19:55
Modified
2025-04-11 00:51
Severity: Medium (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad XSS en la pantalla shopping-cart en LOCKON EC-CUBE 2.11.0 a la 2.12.3enP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2013-2312", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-05-29T19:55:01.533", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN52552792/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041" }, { "source": "vultures@jpcert.or.jp", "url": "http://svn.ec-cube.net/open_trac/changeset/22604" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN52552792/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ec-cube.net/open_trac/changeset/22604" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-1201)
Published
2016-04-30 10:59
Modified
2025-04-12 10:46
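Severity: High (CVSS v3.0 base score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); Medium under CVSS v2 (base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)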
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB551616-10D8-4EF4-9FA9-E7F5986E8627", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C614924A-401D-484B-96AA-87D1C071D994", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7B27593-E73B-45C9-A1BF-A3CFF97F3850", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9272BD35-622B-40BA-8A7E-C2BFED8831AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "72BAC75E-415C-43A6-90DA-F8DCBE8B1749", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74022ECE-0307-4FEE-B6E8-C575B106D6A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "225965E9-0C6C-4F16-B0DB-73C7057E0DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4260F22D-636C-47A6-8A4E-89FAC3085F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0603E775-3E8D-458D-B2BD-8698F6BC32D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "38A08F69-72BD-47DF-9EF3-E3DA80FAEBBD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en LOCKON EC-CUBE 3.0.0 hasta la versi\u00f3n 3.0.9 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores." 
} ], "id": "CVE-2016-1201", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-30T10:59:03.457", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN73776243/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/90515" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201604/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN73776243/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ec-cube.net/info/weakness/201604/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1325)
Published
2011-05-13 17:05
Modified
2025-04-11 00:51
Severity: Medium (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:N/I:P/A:P)
Summary
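Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Note: the CPE configuration in this record also marks 2.11.0 and 2.11.0 beta as vulnerable and carries "versionEndIncluding": "2.11.0", which is broader than "before 2.11.0"; confirm the fixed release against the vendor reference before ruling a 2.11.0 installation out.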
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:beta2:*:*:*:*:*:*", "matchCriteriaId": "849D7D7E-C088-44D3-AEC6-4A3F0410A60F", "versionEndIncluding": "2.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "CEC9058D-A282-4982-BE25-CC71C9C2F501", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8E8EDD5-740A-4B0F-8A9F-E1A88CA22C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "48491157-58B0-4D11-97FA-5B74206C0B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D870D2DB-2C8E-474F-BF03-2EB0BA001DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.0:beta:*:*:*:*:*:*", "matchCriteriaId": "18174C4A-F379-4494-8DCA-358E0863A1E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA54C320-AC8F-4589-888D-74DCD6679F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.1:a:*:*:*:*:*:*", "matchCriteriaId": "63983D4D-14D3-4709-9AD5-6B7BCE17705B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C920D358-FEFA-4298-9B2B-45B312A82EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DFAF827-DFF5-4682-8150-370C0B166418", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "464FB8FF-5027-46B7-8649-B5983C15B28A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.4:community:*:*:*:*:*:*", "matchCriteriaId": "56E6BE02-0581-45F2-8A79-1263493A9609", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.0:a-beta:*:*:*:*:*:*", "matchCriteriaId": "EB577943-8950-454F-B2E4-95911110038C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:lockon:ec-cube:1.4.0:beta:*:*:*:*:*:*", "matchCriteriaId": "3426FF28-4782-43F2-A438-42FC31FAB369", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.1:beta:*:*:*:*:*:*", "matchCriteriaId": "96EEF919-E417-4CEA-BF10-074011907138", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.2:beta:*:*:*:*:*:*", "matchCriteriaId": "381AE319-FEF0-40A5-90AB-58669C7516D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:a-beta:*:*:*:*:*:*", "matchCriteriaId": "F53838DC-799A-40B1-90A0-1EC190EA62C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:b-beta:*:*:*:*:*:*", "matchCriteriaId": "4FAFDB13-2E78-4A0C-8E0F-7F59007BECFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:beta:*:*:*:*:*:*", "matchCriteriaId": "47B7ECDC-70F1-45B1-90A4-470583A9C5EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.4:beta:*:*:*:*:*:*", "matchCriteriaId": "4836836C-6903-40ED-8C05-11E8CB76A4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A45D1DC-06E6-4E29-8C10-9F7EE977C852", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "B1C39F07-E604-4847-8422-A1FE5EF6EB83", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "DC55E110-392A-4CB6-806D-295E5A1662CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "6D8E63D8-0D7D-49C7-8FE1-DAC8F874A9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C567C953-E1F9-4B07-AB18-A38CA4D3A59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "552B8BF8-50E1-4F9E-A96F-B5D473F7991F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.1:a:*:*:*:*:*:*", "matchCriteriaId": "18200777-61C3-436F-895B-37766CA0E8A1", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "9C58C094-451F-4A72-8838-E8F7E6709B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B7F2462-1D8E-4430-A619-D1EF56CB87CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.2:a:*:*:*:*:*:*", "matchCriteriaId": "C56708E2-FD29-4A00-9B6C-01690C7159FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "2C9504AE-E763-4092-A8A9-468C4B5B8FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.2.1:one:*:*:*:*:*:*", "matchCriteriaId": "31E5BBF2-3338-4ACE-AFDC-9C0818A32053", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC9672CF-654F-4D1F-87F0-FBBFAD7FADDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D281225F-A40E-4CF1-8E98-D3B1A668042E", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "42C428B1-C5F8-482B-A772-8FD676D78AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6101D519-D090-40C3-90E1-71C6CBA0FE43", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BA23AC9-EE28-482D-8564-4313FF37AE2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF341A1B-2FFF-46B1-82E5-883681F3467C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "54999245-399B-4535-8F2C-1F19CB06A053", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7FEF399-9399-4F4D-B866-763695F09ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"2194828B-243E-49A2-8D71-B61B6C440FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "34B1FC17-8F5F-4B35-AB42-01A77BB87EC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "F426468C-9A4A-4987-84E8-CA314E123DA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.5.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "02269696-E6F0-4D8C-81A4-68A9856A20B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "71BB1875-731B-4EF7-823B-F1637695CFD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en EC-CUBE antes de v2.11.0, permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2011-1325", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-13T17:05:42.783", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN37878530/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44487" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/press/detail.php?press_id=114" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.osvdb.org/72239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN37878530/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/press/detail.php?press_id=114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/72239" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-29 19:55
Modified
2025-04-11 00:51
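Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, source nvd@nist.gov, as given in the record's metrics below)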
Summary
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en la funci\u00f3n adminAuthorization en data/class/helper/SC_Helper_Session.php en LOCKON EC-CUBE v2.11.0 hasta v2.12.3enP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s una URL manipulada asociada a la pantalla de administraci\u00f3n." } ], "id": "CVE-2013-2314", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-05-29T19:55:01.673", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN45306814/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043" }, { "source": "vultures@jpcert.or.jp", "url": "http://svn.ec-cube.net/open_trac/changeset/22826" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN45306814/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ec-cube.net/open_trac/changeset/22826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-03 16:00
Modified
2025-04-11 00:51
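Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, source nvd@nist.gov, as given in the record's metrics below)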
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | * | |
lockon | ec-cube | 1.1.0 | |
lockon | ec-cube | 1.1.1 | |
lockon | ec-cube | 1.2.0 | |
lockon | ec-cube | 1.3.0 | |
lockon | ec-cube | 1.3.0 | |
lockon | ec-cube | 1.3.1 | |
lockon | ec-cube | 1.3.1 | |
lockon | ec-cube | 1.3.2 | |
lockon | ec-cube | 1.3.3 | |
lockon | ec-cube | 1.3.4 | |
lockon | ec-cube | 1.3.4 | |
lockon | ec-cube | 1.4.0 | |
lockon | ec-cube | 1.4.0 | |
lockon | ec-cube | 1.4.1 | |
lockon | ec-cube | 1.4.2 | |
lockon | ec-cube | 1.4.3 | |
lockon | ec-cube | 1.4.3 | |
lockon | ec-cube | 1.4.3 | |
lockon | ec-cube | 1.4.5 | |
lockon | ec-cube | 1.4.6 | |
lockon | ec-cube | 1.4.7 | |
lockon | ec-cube | 1.5.0 | |
lockon | ec-cube | 2.0.0 | |
lockon | ec-cube | 2.0.1 | |
lockon | ec-cube | 2.0.1 | |
lockon | ec-cube | 2.1.0 | |
lockon | ec-cube | 2.1.2 | |
lockon | ec-cube | 2.1.2 | |
lockon | ec-cube | 2.2.0 | |
lockon | ec-cube | 2.2.1 | |
lockon | ec-cube | 2.3.0 | |
lockon | ec-cube | 2.3.0 | |
lockon | ec-cube | 2.3.1 | |
lockon | ec-cube | 2.3.3 | |
lockon | ec-cube | 2.3.4 | |
lockon | ec-cube | 2.4.0 | |
lockon | ec-cube | 2.4.0 | |
lockon | ec-cube | 2.4.1 | |
lockon | ec-cube | 2.4.2 | |
lockon | ec-cube | 2.4.4 | |
lockon | ec-cube | 2.11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDD4E3A-ED5C-469F-84D3-DA2896D29E3A", "versionEndIncluding": "2.4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "CEC9058D-A282-4982-BE25-CC71C9C2F501", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8E8EDD5-740A-4B0F-8A9F-E1A88CA22C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "48491157-58B0-4D11-97FA-5B74206C0B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D870D2DB-2C8E-474F-BF03-2EB0BA001DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.0:beta:*:*:*:*:*:*", "matchCriteriaId": "18174C4A-F379-4494-8DCA-358E0863A1E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA54C320-AC8F-4589-888D-74DCD6679F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.1:a:*:*:*:*:*:*", "matchCriteriaId": "63983D4D-14D3-4709-9AD5-6B7BCE17705B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C920D358-FEFA-4298-9B2B-45B312A82EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DFAF827-DFF5-4682-8150-370C0B166418", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "464FB8FF-5027-46B7-8649-B5983C15B28A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.3.4:community:*:*:*:*:*:*", "matchCriteriaId": "56E6BE02-0581-45F2-8A79-1263493A9609", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.0:a-beta:*:*:*:*:*:*", "matchCriteriaId": "EB577943-8950-454F-B2E4-95911110038C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:lockon:ec-cube:1.4.0:beta:*:*:*:*:*:*", "matchCriteriaId": "3426FF28-4782-43F2-A438-42FC31FAB369", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.1:beta:*:*:*:*:*:*", "matchCriteriaId": "96EEF919-E417-4CEA-BF10-074011907138", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.2:beta:*:*:*:*:*:*", "matchCriteriaId": "381AE319-FEF0-40A5-90AB-58669C7516D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:a-beta:*:*:*:*:*:*", "matchCriteriaId": "F53838DC-799A-40B1-90A0-1EC190EA62C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:b-beta:*:*:*:*:*:*", "matchCriteriaId": "4FAFDB13-2E78-4A0C-8E0F-7F59007BECFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.3:beta:*:*:*:*:*:*", "matchCriteriaId": "47B7ECDC-70F1-45B1-90A4-470583A9C5EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A45D1DC-06E6-4E29-8C10-9F7EE977C852", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "B1C39F07-E604-4847-8422-A1FE5EF6EB83", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "DC55E110-392A-4CB6-806D-295E5A1662CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "6D8E63D8-0D7D-49C7-8FE1-DAC8F874A9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C567C953-E1F9-4B07-AB18-A38CA4D3A59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "552B8BF8-50E1-4F9E-A96F-B5D473F7991F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.0.1:a:*:*:*:*:*:*", "matchCriteriaId": "18200777-61C3-436F-895B-37766CA0E8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "9C58C094-451F-4A72-8838-E8F7E6709B27", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B7F2462-1D8E-4430-A619-D1EF56CB87CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.1.2:a:*:*:*:*:*:*", "matchCriteriaId": "C56708E2-FD29-4A00-9B6C-01690C7159FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "2C9504AE-E763-4092-A8A9-468C4B5B8FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.2.1:one:*:*:*:*:*:*", "matchCriteriaId": "31E5BBF2-3338-4ACE-AFDC-9C0818A32053", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC9672CF-654F-4D1F-87F0-FBBFAD7FADDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D281225F-A40E-4CF1-8E98-D3B1A668042E", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "42C428B1-C5F8-482B-A772-8FD676D78AE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6101D519-D090-40C3-90E1-71C6CBA0FE43", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BA23AC9-EE28-482D-8564-4313FF37AE2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF341A1B-2FFF-46B1-82E5-883681F3467C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "54999245-399B-4535-8F2C-1F19CB06A053", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7FEF399-9399-4F4D-B866-763695F09ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2194828B-243E-49A2-8D71-B61B6C440FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"F426468C-9A4A-4987-84E8-CA314E123DA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias en sitios cruzados (XSS) en un (1) data/Smarty/templates/default/list.tpl y (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl en EC-CUBE antes de v2.4.4 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2011-0451", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-03T16:00:04.447", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN84393059/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43153" }, { "source": 
"vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/18742" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/46100" }, { "source": "vultures@jpcert.or.jp", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN84393059/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/18742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-30 19:28
Modified
2025-04-11 00:51
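Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov, as given in the record's metrics below)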
Summary
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "93BE8264-1904-4FB8-927C-E8668D899EC3", "versionEndIncluding": "2.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n lfCheckFileName en data/class/pages/LC_Page_ResizeImage.php en LOCKON EC-CUBE anterior a v2.12.5 permite a atacantes remotos leer ficheros de imagen arbitrarios mediante vectores que comprenden un par\u00e1metro image para resize_image.php, una vulnerabilidad diferente a CVE-2013-3654." 
} ], "id": "CVE-2013-3650", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-30T19:28:04.557", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN43886811/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22863" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN43886811/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/20130626/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48" } ], "sourceIdentifier": "vultures@jpcert.or.jp", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-29 19:55
Modified
2025-04-11 00:51
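Severity: MEDIUM (CVSS v2.0 base score 4.0, vector AV:N/AC:H/Au:N/C:P/I:P/A:N, source nvd@nist.gov, as given in the record's metrics below)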
Summary
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en LOCKON EC-CUBE 2.11.0 a la 2.12.3enP2 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-2313", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-29T19:55:01.603", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN00985872/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" }, { "source": "vultures@jpcert.or.jp", "url": "http://svn.ec-cube.net/open_trac/changeset/22804" }, { "source": "vultures@jpcert.or.jp", "url": "http://svn.ec-cube.net/open_trac/changeset/22805" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN00985872/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ec-cube.net/open_trac/changeset/22804" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ec-cube.net/open_trac/changeset/22805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-22 21:55
Modified
2025-04-11 00:51
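Severity: MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:N/I:P/A:P, source nvd@nist.gov, as given in the record's metrics below)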
Summary
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | * | |
lockon | ec-cube | 2.4.0 | |
lockon | ec-cube | 2.4.0 | |
lockon | ec-cube | 2.4.1 | |
lockon | ec-cube | 2.4.2 | |
lockon | ec-cube | 2.4.3 | |
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA9F06AA-3D2A-41B1-91DF-B19F0AEBE660", "versionEndIncluding": "2.4.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF341A1B-2FFF-46B1-82E5-883681F3467C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "54999245-399B-4535-8F2C-1F19CB06A053", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7FEF399-9399-4F4D-B866-763695F09ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2194828B-243E-49A2-8D71-B61B6C440FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "34B1FC17-8F5F-4B35-AB42-01A77BB87EC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors." }, { "lang": "es", "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php en LOCKON EC-CUBE 2.4.4 y anteriores versiones, y 2.11.0 hasta la versi\u00f3n 2.12.2, permite a atacantes remotos modificar datos a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2014-0807", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-22T21:55:03.683", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN17849447/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN17849447/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-21 18:55
Modified
2025-04-11 00:51
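Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov, as given in the record's metrics below)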
Summary
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL data/class/SC_Query.php en EC-CUBE v2.11.0 hasta v2.11.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2011-3988", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-21T18:55:00.913", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN44496332/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/76399" }, { "source": "vultures@jpcert.or.jp", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46446" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/ticket/1502" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch" ], "url": "http://www.ec-cube.net/release/detail.php?release_id=286" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/50140" }, { "source": "vultures@jpcert.or.jp", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN44496332/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/76399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.ec-cube.net/open_trac/ticket/1502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ec-cube.net/release/detail.php?release_id=286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-29 19:55
Modified
2025-04-11 00:51
Summary
data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lockon | ec-cube | 2.11.0 | |
lockon | ec-cube | 2.11.1 | |
lockon | ec-cube | 2.11.2 | |
lockon | ec-cube | 2.11.3 | |
lockon | ec-cube | 2.11.4 | |
lockon | ec-cube | 2.11.5 | |
lockon | ec-cube | 2.12.0 | |
lockon | ec-cube | 2.12.1 | |
lockon | ec-cube | 2.12.2 | |
lockon | ec-cube | 2.12.3 | |
lockon | ec-cube | 2.12.3en | |
lockon | ec-cube | 2.12.3enp1 | |
lockon | ec-cube | 2.12.3enp2 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request." }, { "lang": "es", "value": "data/class/pages/forgot/LC_Page_Forgot.php en LOCKON EC-CUBE v2.11.0 hasta v2.12.3enP2 no valida correctamente la entrada a la funci\u00f3n de recordatorio de contrase\u00f1a, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud manipulada." } ], "id": "CVE-2013-2315", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-29T19:55:01.697", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN39699406/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044" }, { "source": "vultures@jpcert.or.jp", "url": "http://svn.ec-cube.net/open_trac/changeset/22580" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN39699406/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ec-cube.net/open_trac/changeset/22580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-30 21:55
Modified
2025-04-11 00:51
Summary
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E3D5763-00DB-4F7E-AA08-1A2AA3070B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3en:*:*:*:*:*:*:*", "matchCriteriaId": "95D2187D-3860-4432-9646-8F0DE41F3168", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF41053-E778-4000-9BE5-3F538A78AA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*:*:*:*:*:*:*", "matchCriteriaId": "3E213BA2-5D21-4A58-8E32-1168A9108C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "43325D17-36C5-41DC-B343-2E647A4246AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.4en:*:*:*:*:*:*:*", "matchCriteriaId": "C84115A8-8F65-4E6D-B77E-C14F83E5FB7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "930A679D-FC06-439E-B028-1F8658FC0B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.5en:*:*:*:*:*:*:*", "matchCriteriaId": "AE0D2972-74A9-45FE-BE17-DEDD24A8B704", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) 
Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en la funci\u00f3n doApiAction en data/class/api/SC_Api_Operation.php en LOCKON EC-CUBE 2.12.0 a la 2.12.5 sobre Windows, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de vectores que involucran (1) Operation, (2) Service, (3) Style, (4) Validate, o (5) valor de Version." } ], "id": "CVE-2013-4702", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-30T21:55:09.783", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN15973066/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/96756" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.ec-cube.net/info/weakness/20130829/index.php" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN15973066/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/96756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://svn.ec-cube.net/open_trac/changeset/22891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ec-cube.net/info/weakness/20130829/index.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-22 21:55
Modified
2025-04-11 00:51
Summary
An authorization bypass through a user-controlled key exists in EC-CUBE 2.11.0 through 2.12.2 and in EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D261CC2-F7E5-437E-884B-D25C72F939C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA1710AF-A87A-4970-BF19-481040A7524A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C72DED8-1073-47A9-B089-84E3ABC96401", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. 
If this vulnerability is exploited, a user of the affected shopping website may obtain other users\u0027 information by sending a crafted HTTP request." }, { "lang": "es", "value": "La funci\u00f3n IfCheckError en data/class/pages/shopping/LC_Page_Shopping_Multiple.php de LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.12.2 permite a atacantes remotos obtener informaci\u00f3n de env\u00edo sensible a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2014-0808", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-01-22T21:55:03.717", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN51770585/" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57" }, { "source": 
"vultures@jpcert.or.jp", "url": "https://ec-orange.jp/" }, { "source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN15637138/" }, { "source": "vultures@jpcert.or.jp", "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN51770585/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ec-orange.jp/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/jp/JVN15637138/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-566" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-21 04:40
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E37E68F4-EC08-4A33-8CD2-9B854E51A6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A85840E-73A5-411D-912A-A1CEA7852904", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C34FB238-1A64-4CBB-AAF6-FDE6BA90A096", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0C6C78-3FD3-4AA3-95B0-CF798396E802", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "933ADEC5-451B-4DAA-AB23-7CD8A9A64954", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EFDD02C-56D4-480E-8FF3-E4B63554CB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C4BC181-D123-460C-9BF8-6B8FB800697C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lockon:ec-cube:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A7B5-639C-4390-B91E-BEC404B5ED1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la funci\u00f3n displaySystemError en html/handle_error.php de LOCKON EC-CUBE 2.11.0 hasta la versi\u00f3n 2.11.5 permite a atacantes remotos inyectar script web o HTML arbitrario mediante el aprovechamiento de un manejo incorrecto en la salida de los mensajes de error." 
} ], "id": "CVE-2013-5992", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-21T04:40:58.987", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN38790987/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN38790987/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }