Path Traversal in Lockon Ec-cube

CVE-2013-3650

Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter t…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.

Affected products

  • Lockon Ec-cube — versions 2.12.0, 2.12.1, 2.12.2
  • N/a — versions n/a

Weakness classification (CWE)

References