4 matches found
CVE-2022-25355
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators...
CVE-2016-1201
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators...
CVE-2016-1201
Vulnerability summary: CVE-2016-1201 is a cross-site request forgery (CSRF) bug in EC-CUBE [6,7]. The connected sources confirm that the affected product is EC-CUBE (LOCKON), versions 3.0.0 through 3.0.9, where an attacker can cause an administrator’s session to perform unintended actions when visiting a malicio...