Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ec-cube vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-1201
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 up to and including 3.0.9 allows remote malicious users to hijack the authentication of administrators.
Lockon Ec-cube 3.0.4
Lockon Ec-cube 3.0.3
Lockon Ec-cube 3.0.2
Lockon Ec-cube 3.0.1
Lockon Ec-cube 3.0.6
Lockon Ec-cube 3.0.5
Lockon Ec-cube 3.0.9
Lockon Ec-cube 3.0.8
Lockon Ec-cube 3.0.7
Lockon Ec-cube 3.0.0
NA
CVE-2013-3651
LOCKON EC-CUBE 2.11.2 up to and including 2.12.4 allows remote malicious users to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
Lockon Ec-cube 2.12.3
Lockon Ec-cube 2.12.4
Lockon Ec-cube 2.11.5
Lockon Ec-cube 2.12.1
Lockon Ec-cube 2.11.2
Lockon Ec-cube 2.11.3
Lockon Ec-cube 2.11.4
Lockon Ec-cube 2.12.0
Lockon Ec-cube 2.12.2
1 Github repository
NA
CVE-2014-0808
The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 up to and including 2.12.2 allows remote malicious users to obtain sensitive shipping information via unspecified vectors.
Lockon Ec-cube 2.11.1
Lockon Ec-cube 2.11.2
Lockon Ec-cube 2.11.3
Lockon Ec-cube 2.11.4
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.11.5
Lockon Ec-cube 2.12.1
Lockon Ec-cube 2.12.0
Lockon Ec-cube 2.12.2
NA
CVE-2013-5991
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 up to and including 2.11.5 allows remote malicious users to obtain sensitive information by leveraging incorrect handling of error-log output.
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.11.5
Lockon Ec-cube 2.11.1
Lockon Ec-cube 2.11.2
Lockon Ec-cube 2.11.3
Lockon Ec-cube 2.11.4
NA
CVE-2013-5992
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 up to and including 2.11.5 allows remote malicious users to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
Lockon Ec-cube 2.11.1
Lockon Ec-cube 2.11.2
Lockon Ec-cube 2.11.3
Lockon Ec-cube 2.11.4
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.11.5
NA
CVE-2013-3653
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE prior to 2.12.5 allow remote malicious users to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability th...
Lockon Ec-cube 2.12.0
Lockon Ec-cube 2.12.1
Lockon Ec-cube 2.12.2
Lockon Ec-cube 2.12.3
Lockon Ec-cube
NA
CVE-2013-3650
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE prior to 2.12.5 allows remote malicious users to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different v...
Lockon Ec-cube 2.12.0
Lockon Ec-cube 2.12.2
Lockon Ec-cube
Lockon Ec-cube 2.12.1
Lockon Ec-cube 2.12.3
NA
CVE-2013-3654
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 up to and including 2.12.4 allows remote malicious users to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
Lockon Ec-cube 2.12.0
Lockon Ec-cube 2.12.1
Lockon Ec-cube 2.12.3
Lockon Ec-cube 2.12.2
Lockon Ec-cube 2.12.4
6.5
CVSSv3
CVE-2021-20841
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated malicious user to bypass access restriction and to alter System settings via unspecified vectors.
Ec-cube Ec-cube
5.4
CVSSv3
CVE-2022-38975
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote malicious user to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page.
Ec-cube Ec-cube
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »