Vulnerabilities > Lockon > EC Cube > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-30 | CVE-2013-3651 | Code Injection vulnerability in Lockon Ec-Cube LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php. | 7.5 |
| 2011-10-21 | CVE-2011-3988 | SQL Injection vulnerability in Lockon Ec-Cube 2.11.0/2.11.1/2.11.2 SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |