What is CVE-2013-3651?

CVE-2013-3651 is a vulnerability in Lockon Ec-cube, classified under Code Injection. Published 2013-06-30.

Is CVE-2013-3651 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Lockon Ec-cube

CVE-2013-3651

LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.089 (92.7th percentile) — read the EPSS interpretation.

Affected products

Lockon Ec-cube — versions 2.11.2, 2.11.3, 2.11.4
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

vultures@jpcert.or.jp (x_refsource_CONFIRM)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Vendor Advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Vendor Advisory)
JVN#34900750 (x_refsource_JVN, third-party-advisory)
JVNDB-2013-000062 (x_refsource_JVNDB, third-party-advisory)

Frequently asked questions

What is CVE-2013-3651?: CVE-2013-3651 is a vulnerability in Lockon Ec-cube, classified under Code Injection. Published 2013-06-30.
Is CVE-2013-3651 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.