Lockon

Ec-cube

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2018-0564

  • EPSS 0.65%
  • Veröffentlicht 20.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:29

Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3....

8.8

CVE-2016-1201

  • EPSS 0.13%
  • Veröffentlicht 30.04.2016 10:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.

6.5

CVE-2016-1200

  • EPSS 0.24%
  • Veröffentlicht 30.04.2016 10:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.

5.3

CVE-2016-1199

  • EPSS 0.23%
  • Veröffentlicht 30.04.2016 10:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.

5.1

CVE-2015-5665

  • EPSS 0.15%
  • Veröffentlicht 27.10.2015 02:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.

5

CVE-2014-0808

  • EPSS 0.39%
  • Veröffentlicht 22.01.2014 21:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' ...

6.4

CVE-2014-0807

Exploit
  • EPSS 0.53%
  • Veröffentlicht 22.01.2014 21:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.

4.3

CVE-2013-5996

Exploit
  • EPSS 0.26%
  • Veröffentlicht 21.11.2013 04:40:59
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.

5.5

CVE-2013-5995

Exploit
  • EPSS 0.22%
  • Veröffentlicht 21.11.2013 04:40:59
  • Zuletzt bearbeitet 11.04.2025 00:51:21

data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.

5

CVE-2013-5994

Exploit
  • EPSS 0.32%
  • Veröffentlicht 21.11.2013 04:40:59
  • Zuletzt bearbeitet 11.04.2025 00:51:21

data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.