lockon CVE 脆弱性と CVE 一覧(26)

製品(CPE): — CVE 件数: 26

lockon 脆弱性概要

lockon 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は パス処理の欠陥、vendor risk csrf, and vendor risk sql injection に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で ファイル上書き and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 26 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2018-0564 Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors. [email protected] 8.1 1.54% 2018-04-20 2026-06-16
CVE-2016-1201 Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. [email protected] 8.8 0.64% 2016-04-30 2026-06-16
CVE-2016-1200 The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. [email protected] 6.3 0.90% 2016-04-30 2026-06-16
CVE-2016-1199 The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. [email protected] 5.3 1.30% 2016-04-30 2026-06-16
CVE-2015-5665 Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. [email protected] 5.1 0.65% 2015-10-26 2026-06-16
CVE-2014-0808 Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. [email protected] 9.1 2.25% 2014-01-22 2026-06-16
CVE-2014-0807 data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. [email protected] 6.4 1.57% 2014-01-22 2026-06-16
CVE-2013-5996 Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values. [email protected] 4.3 1.88% 2013-11-20 2026-06-16
CVE-2013-5995 data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses. [email protected] 5.5 1.17% 2013-11-20 2026-06-16
CVE-2013-5994 data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. [email protected] 5.0 1.50% 2013-11-20 2026-06-16
CVE-2013-5993 Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals. [email protected] 6.8 1.08% 2013-11-20 2026-06-16
CVE-2013-5992 Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output. [email protected] 4.3 1.21% 2013-11-20 2026-06-16
CVE-2013-5991 The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output. [email protected] 4.3 1.31% 2013-11-20 2026-06-16
CVE-2013-4702 Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value. [email protected] 5.0 2.10% 2013-08-30 2026-06-16
CVE-2013-3653 Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652. [email protected] 4.3 1.79% 2013-06-30 2026-06-16
CVE-2013-3652 Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653. [email protected] 4.3 5.93% 2013-06-30 2026-06-16
CVE-2013-3654 Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650. [email protected] 5.0 1.86% 2013-06-30 2026-06-16
CVE-2013-3651 LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php. [email protected] 7.5 4.29% 2013-06-30 2026-06-16
CVE-2013-3650 Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654. [email protected] 5.0 1.86% 2013-06-30 2026-06-16
CVE-2013-2315 data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request. [email protected] 5.0 1.37% 2013-05-29 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence