Vulnerabilities > Lockon > EC Cube > 1.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-22 | CVE-2014-0807 | Access Security Bypass vulnerability in EC-CUBE data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. | 6.4 |
2013-06-30 | CVE-2013-3653 | Cross-Site Scripting vulnerability in Lockon Ec-Cube Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652. | 4.3 |
2013-06-30 | CVE-2013-3650 | Path Traversal vulnerability in Lockon Ec-Cube Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654. | 5.0 |
2011-05-13 | CVE-2011-1325 | Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 5.8 |
2011-02-03 | CVE-2011-0451 | Cross-Site Scripting vulnerability in Lockon Ec-Cube Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |