Lucene search
K

27 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/28 12:0 a.m.122 views

JVN#25359688: EC-CUBE vulnerable to open redirect

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a...

6.1CVSS6.1AI score0.01297EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/17 12:0 a.m.64 views

JVN#52695336: EC-CUBE vulnerable to session fixation

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability CWE-384. Impact A remote attacker impersonating a logged in user may perform an unintended operation with the user's privilege. Solution Update the Softwa...

8.1CVSS8AI score0.01525EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/26 12:0 a.m.34 views

JVN#11458774: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A logged in attacker may bypass access restrictions, or delete access restriction settings. Solution Apply the update or the patch Apply the update or the pat...

6.5CVSS5.4AI score0.009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/26 12:0 a.m.32 views

JVN#97278546: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, arbitrary PHP code may be executed on the server. Solution Update or apply the patch Update to the...

5.1CVSS6.8AI score0.00646EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/22 12:0 a.m.29 views

JVN#17849447: EC-CUBE vulnerable to information alteration

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...

6.4CVSS6.3AI score0.01569EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/20 12:0 a.m.30 views

JVN#06377589: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update or the patch Apply the update or the patch according to the...

4.3CVSS6AI score0.01883EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/20 12:0 a.m.26 views

JVN#61077110: EC-CUBE vulnerable to information disclosure

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...

4.3CVSS6AI score0.01309EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/30 12:0 a.m.22 views

JVN#15973066: EC-CUBE vulnerable to directory traversal when used in Windows

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply the update or patch Apply the update or patch accordin...

5CVSS6.6AI score0.02098EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.36 views

JVN#04161229: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.4AI score0.01862EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.26 views

JVN#98665228: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.7AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.33 views

JVN#43886811: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.3AI score0.01862EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.39 views

JVN#34900750: EC-CUBE vulnerable to code injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...

7.5CVSS6.9AI score0.04285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.30 views

JVN#07192063: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.8AI score0.05932EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.29 views

JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...

5CVSS6.2AI score0.01369EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.26 views

JVN#00985872: EC-CUBE vulnerable to session fixation

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. Solution Apply the update or patch Apply...

4CVSS6.5AI score0.01869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.22 views

JVN#45306814: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Impact A remote, unauthenticated attacker may access the management screen. Solution Apply th...

4.3CVSS6.4AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.25 views

JVN#52552792: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...

4.3CVSS6.3AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/14 12:0 a.m.36 views

JVN#44496332: EC-CUBE vulnerable to SQL injection

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541 and JVN19072922. Impact A remote, unauthenticated attacke...

7.5CVSS7AI score0.02334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/05/10 12:0 a.m.38 views

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

5.8CVSS6AI score0.0061EPSS
Exploits0
NVD
NVD
added 2008/11/06 7:29 p.m.13 views

CVE-2008-4991

SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter...

7.5CVSS8.4AI score0.01063EPSS
Exploits0References4
Rows per page
Query Builder