Lockon : Security Vulnerabilities, CVEs, (Information Leak)
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
Max CVSS
5.3
EPSS Score
0.44%
Published
2016-04-30
Updated
2016-05-06
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
Max CVSS
5.5
EPSS Score
0.14%
Published
2013-11-21
Updated
2013-11-21
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Max CVSS
5.0
EPSS Score
0.33%
Published
2013-11-21
Updated
2013-11-21
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
Max CVSS
4.3
EPSS Score
0.35%
Published
2013-11-21
Updated
2013-11-21
4 vulnerabilities found