Lucene search

[email protected]CVE-2013-3654

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3654

2022-10-0316:14:44

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-3654

directory traversal vulnerability

lockon ec-cube

remote attackers

arbitrary image files

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.5%

JSON

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.

Affected configurations

NVD

Node

lockonec-cubeMatch2.12.0

lockonec-cubeMatch2.12.1

lockonec-cubeMatch2.12.2

lockonec-cubeMatch2.12.3

lockonec-cubeMatch2.12.4

CPENameOperatorVersion
lockon:ec-cubelockon ec-cubeeq2.12.0
lockon:ec-cubelockon ec-cubeeq2.12.1
lockon:ec-cubelockon ec-cubeeq2.12.2
lockon:ec-cubelockon ec-cubeeq2.12.3
lockon:ec-cubelockon ec-cubeeq2.12.4

CPE	Name	Operator	Version
lockon:ec-cube	lockon ec-cube	eq	2.12.0
lockon:ec-cube	lockon ec-cube	eq	2.12.1
lockon:ec-cube	lockon ec-cube	eq	2.12.2
lockon:ec-cube	lockon ec-cube	eq	2.12.3
lockon:ec-cube	lockon ec-cube	eq	2.12.4

References

jvn.jp/en/jp/JVN04161229/index.html

jvndb.jvn.jp/jvndb/JVNDB-2013-000065

svn.ec-cube.net/open_trac/changeset/22891

www.ec-cube.net/info/weakness/20130626/index.php

www.ec-cube.net/info/weakness/weakness.php?id=45

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.5%

JSON

Related for CVE-2013-3654

cvelist2 prion2 nvd2 cve1 jvn2