Path Traversal in Lockon Ec-cube

CVE-2013-3654

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.

Affected products

  • Lockon Ec-cube — versions 2.12.0, 2.12.1, 2.12.2
  • N/a — versions n/a

Weakness classification (CWE)

References