Vulnerabilities > Lockon > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-20 CVE-2018-0564 Session Fixation vulnerability in Lockon Ec-Cube
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
network
lockon CWE-384
5.8
2016-04-30 CVE-2016-1201 Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
network
lockon CWE-352
6.8
2016-04-30 CVE-2016-1200 Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
network
low complexity
lockon CWE-284
6.5
2016-04-30 CVE-2016-1199 Information Exposure vulnerability in Lockon Ec-Cube
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
network
low complexity
lockon CWE-200
5.0
2015-10-27 CVE-2015-5665 Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
network
high complexity
lockon CWE-352
5.1
2014-01-22 CVE-2014-0807 Access Security Bypass vulnerability in EC-CUBE
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
network
low complexity
lockon
6.4
2013-11-21 CVE-2013-5996 Cross-Site Scripting vulnerability in Lockon Ec-Cube
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
network
lockon CWE-79
4.3
2013-11-21 CVE-2013-5995 Information Exposure vulnerability in Lockon Ec-Cube
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
network
low complexity
lockon CWE-200
5.5
2013-11-21 CVE-2013-5994 Information Exposure vulnerability in Lockon Ec-Cube
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
network
low complexity
lockon CWE-200
5.0
2013-11-21 CVE-2013-5993 Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
network
lockon CWE-352
6.8