Lucene search

[email protected]NVD:CVE-2013-3650

HistoryJun 30, 2013 - 7:28 p.m.

CVE-2013-3650

2013-06-3019:28:04

CWE-22

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.

Affected configurations

NVD

Node

lockonec-cubeRange≤2.12.4

lockonec-cubeMatch2.12.0

lockonec-cubeMatch2.12.1

lockonec-cubeMatch2.12.2

lockonec-cubeMatch2.12.3

References

jvn.jp/en/jp/JVN43886811/index.html

jvndb.jvn.jp/jvndb/JVNDB-2013-000061

svn.ec-cube.net/open_trac/changeset/22863

www.ec-cube.net/info/weakness/20130626/index.php

www.ec-cube.net/info/weakness/weakness.php?id=48

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for NVD:CVE-2013-3650

cve2 prion2 nvd1 cvelist2 jvn2