Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    52 vulnerabilities by lockon

    CVE-2018-0564 (GCVE-0-2018-0564)

    Vulnerability from cvelistv5 – Published: 2018-04-20 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Session fixation
    Assigner
    References
    URL Tags
    https://www.ec-cube.net/info/weakness/20180416/ x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN52695336/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    LOCKON CO.,LTD. EC-CUBE Affected: (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)
    Create a notification for this product.
    Date Public
    2018-04-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/20180416/"
              },
              {
                "name": "JVN#52695336",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EC-CUBE",
              "vendor": "LOCKON CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
                }
              ]
            }
          ],
          "datePublic": "2018-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Session fixation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-20T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/20180416/"
            },
            {
              "name": "JVN#52695336",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EC-CUBE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LOCKON CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Session fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ec-cube.net/info/weakness/20180416/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/20180416/"
                },
                {
                  "name": "JVN#52695336",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0564",
        "datePublished": "2018-04-20T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1201 (GCVE-0-2016-1201)

    Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/90515 vdb-entryx_refsource_BID
    http://www.ec-cube.net/info/weakness/weakness.php?id=67 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN73776243/index.html third-party-advisoryx_refsource_JVN
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "90515",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
              },
              {
                "name": "JVNDB-2016-000053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
              },
              {
                "name": "JVN#73776243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "90515",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
            },
            {
              "name": "JVNDB-2016-000053",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
            },
            {
              "name": "JVN#73776243",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1201",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "90515",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90515"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=67",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
                },
                {
                  "name": "JVNDB-2016-000053",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
                },
                {
                  "name": "JVN#73776243",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1201",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1200 (GCVE-0-2016-1200)

    Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/90503 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN11458774/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052 third-party-advisoryx_refsource_JVNDB
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    http://www.ec-cube.net/info/weakness/weakness.php?id=66 x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "90503",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90503"
              },
              {
                "name": "JVN#11458774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
              },
              {
                "name": "JVNDB-2016-000052",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "90503",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90503"
            },
            {
              "name": "JVN#11458774",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
            },
            {
              "name": "JVNDB-2016-000052",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1200",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "90503",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90503"
                },
                {
                  "name": "JVN#11458774",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
                },
                {
                  "name": "JVNDB-2016-000052",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=66",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1200",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1199 (GCVE-0-2016-1199)

    Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN47473944/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=65 x_refsource_CONFIRM
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#47473944",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
              },
              {
                "name": "JVNDB-2016-000051",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-30T01:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#47473944",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
            },
            {
              "name": "JVNDB-2016-000051",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#47473944",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
                },
                {
                  "name": "JVNDB-2016-000051",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=65",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1199",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5665 (GCVE-0-2015-5665)

    Vulnerability from cvelistv5 – Published: 2015-10-27 01:00 – Updated: 2024-08-06 06:59
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=63 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN97278546/index.html third-party-advisoryx_refsource_JVN
    https://www.ec-cube.net/info/weakness/201510_01/ x_refsource_CONFIRM
    Date Public
    2015-10-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:59:03.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
              },
              {
                "name": "JVNDB-2015-000166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
              },
              {
                "name": "JVN#97278546",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201510_01/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-10-27T01:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
            },
            {
              "name": "JVNDB-2015-000166",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
            },
            {
              "name": "JVN#97278546",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201510_01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2015-5665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=63",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
                },
                {
                  "name": "JVNDB-2015-000166",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
                },
                {
                  "name": "JVN#97278546",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201510_01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201510_01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2015-5665",
        "datePublished": "2015-10-27T01:00:00.000Z",
        "dateReserved": "2015-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:59:03.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0808 (GCVE-0-2014-0808)

    Vulnerability from cvelistv5 – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Summary
    Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Authorization Bypass Through User-Controlled Key
    • CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
    Assigner
    Impacted products
    Vendor Product Version
    EC-CUBE CO.,LTD. EC-CUBE Affected: 2.11.0 through 2.12.2
    Create a notification for this product.
    S‑cubism Inc. EC-Orange Affected: systems deployed before June 29th
    Affected: 2015
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:04:20.266694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-566",
                    "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:07:16.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN51770585/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ec-orange.jp/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN15637138/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EC-CUBE",
              "vendor": "EC-CUBE CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.11.0 through 2.12.2"
                }
              ]
            },
            {
              "product": "EC-Orange",
              "vendor": "S\u2011cubism Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "systems deployed before June 29th"
                },
                {
                  "status": "affected",
                  "version": "2015"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users\u0027 information by sending a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T05:17:08.940Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
            },
            {
              "url": "http://jvn.jp/en/jp/JVN51770585/"
            },
            {
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
            },
            {
              "url": "https://ec-orange.jp/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN15637138/"
            },
            {
              "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-0808",
        "datePublished": "2014-01-22T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0807 (GCVE-0-2014-0807)

    Vulnerability from cvelistv5 – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Summary
    data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=56 x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN17849447/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005 third-party-advisoryx_refsource_JVNDB
    Date Public
    2014-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
              },
              {
                "name": "JVN#17849447",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
              },
              {
                "name": "JVNDB-2014-000005",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-22T21:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
            },
            {
              "name": "JVN#17849447",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
            },
            {
              "name": "JVNDB-2014-000005",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-0807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=56",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
                },
                {
                  "name": "JVN#17849447",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
                },
                {
                  "name": "JVNDB-2014-000005",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-0807",
        "datePublished": "2014-01-22T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5992 (GCVE-0-2013-5992)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=54 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN38790987/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
              },
              {
                "name": "JVNDB-2013-000105",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
              },
              {
                "name": "JVN#38790987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
            },
            {
              "name": "JVNDB-2013-000105",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
            },
            {
              "name": "JVN#38790987",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
                },
                {
                  "name": "JVNDB-2013-000105",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
                },
                {
                  "name": "JVN#38790987",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5992",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5991 (GCVE-0-2013-5991)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN61077110/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=54 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104 third-party-advisoryx_refsource_JVNDB
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:41.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#61077110",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
              },
              {
                "name": "JVNDB-2013-000104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#61077110",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
            },
            {
              "name": "JVNDB-2013-000104",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5991",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#61077110",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
                },
                {
                  "name": "JVNDB-2013-000104",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5991",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:41.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5996 (GCVE-0-2013-5996)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN06377589/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=55 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23275 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2013-000107",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
              },
              {
                "name": "JVN#06377589",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2013-000107",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
            },
            {
              "name": "JVN#06377589",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5996",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2013-000107",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
                },
                {
                  "name": "JVN#06377589",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23275",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5996",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5994 (GCVE-0-2013-5994)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN06870202/index.html third-party-advisoryx_refsource_JVN
    http://svn.ec-cube.net/open_trac/changeset/23278 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=52 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#06870202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
              },
              {
                "name": "JVNDB-2013-000098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#06870202",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
            },
            {
              "name": "JVNDB-2013-000098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#06870202",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23278",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
                },
                {
                  "name": "JVNDB-2013-000098",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=52",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5994",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5995 (GCVE-0-2013-5995)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN55630933/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=51 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23274 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#55630933",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
              },
              {
                "name": "JVNDB-2013-000106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#55630933",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
            },
            {
              "name": "JVNDB-2013-000106",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#55630933",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
                },
                {
                  "name": "JVNDB-2013-000106",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23274",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5995",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5993 (GCVE-0-2013-5993)

    Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN11221613/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=53 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23277 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#11221613",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
              },
              {
                "name": "JVNDB-2013-000097",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#11221613",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
            },
            {
              "name": "JVNDB-2013-000097",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5993",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#11221613",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
                },
                {
                  "name": "JVNDB-2013-000097",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=53",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23277",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5993",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4702 (GCVE-0-2013-4702)

    Vulnerability from cvelistv5 – Published: 2013-08-30 21:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/96756 vdb-entryx_refsource_OSVDB
    http://jvn.jp/en/jp/JVN15973066/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=50 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081 third-party-advisoryx_refsource_JVNDB
    http://svn.ec-cube.net/open_trac/changeset/22891 x_refsource_CONFIRM
    http://www.ec-cube.net/info/weakness/20130829/index.php x_refsource_CONFIRM
    Date Public
    2013-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.004Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96756",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/96756"
              },
              {
                "name": "JVN#15973066",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
              },
              {
                "name": "JVNDB-2013-000081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-12T09:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "96756",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/96756"
            },
            {
              "name": "JVN#15973066",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
            },
            {
              "name": "JVNDB-2013-000081",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-4702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96756",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/96756"
                },
                {
                  "name": "JVN#15973066",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=50",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
                },
                {
                  "name": "JVNDB-2013-000081",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/22891",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/20130829/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-4702",
        "datePublished": "2013-08-30T21:00:00.000Z",
        "dateReserved": "2013-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.004Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0564 (GCVE-0-2018-0564)

    Vulnerability from nvd – Published: 2018-04-20 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Session fixation
    Assigner
    References
    URL Tags
    https://www.ec-cube.net/info/weakness/20180416/ x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN52695336/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    LOCKON CO.,LTD. EC-CUBE Affected: (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)
    Create a notification for this product.
    Date Public
    2018-04-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/20180416/"
              },
              {
                "name": "JVN#52695336",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EC-CUBE",
              "vendor": "LOCKON CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
                }
              ]
            }
          ],
          "datePublic": "2018-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Session fixation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-20T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/20180416/"
            },
            {
              "name": "JVN#52695336",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EC-CUBE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LOCKON CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Session fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ec-cube.net/info/weakness/20180416/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/20180416/"
                },
                {
                  "name": "JVN#52695336",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN52695336/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0564",
        "datePublished": "2018-04-20T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1201 (GCVE-0-2016-1201)

    Vulnerability from nvd – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/90515 vdb-entryx_refsource_BID
    http://www.ec-cube.net/info/weakness/weakness.php?id=67 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN73776243/index.html third-party-advisoryx_refsource_JVN
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "90515",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
              },
              {
                "name": "JVNDB-2016-000053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
              },
              {
                "name": "JVN#73776243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "90515",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
            },
            {
              "name": "JVNDB-2016-000053",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
            },
            {
              "name": "JVN#73776243",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1201",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "90515",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90515"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=67",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
                },
                {
                  "name": "JVNDB-2016-000053",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
                },
                {
                  "name": "JVN#73776243",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73776243/index.html"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1201",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1200 (GCVE-0-2016-1200)

    Vulnerability from nvd – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/90503 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN11458774/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052 third-party-advisoryx_refsource_JVNDB
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    http://www.ec-cube.net/info/weakness/weakness.php?id=66 x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "90503",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90503"
              },
              {
                "name": "JVN#11458774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
              },
              {
                "name": "JVNDB-2016-000052",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "90503",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90503"
            },
            {
              "name": "JVN#11458774",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
            },
            {
              "name": "JVNDB-2016-000052",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1200",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "90503",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90503"
                },
                {
                  "name": "JVN#11458774",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN11458774/index.html"
                },
                {
                  "name": "JVNDB-2016-000052",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=66",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1200",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1199 (GCVE-0-2016-1199)

    Vulnerability from nvd – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN47473944/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=65 x_refsource_CONFIRM
    https://www.ec-cube.net/info/weakness/201604/ x_refsource_CONFIRM
    Date Public
    2016-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#47473944",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
              },
              {
                "name": "JVNDB-2016-000051",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201604/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-30T01:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#47473944",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
            },
            {
              "name": "JVNDB-2016-000051",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201604/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#47473944",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN47473944/index.html"
                },
                {
                  "name": "JVNDB-2016-000051",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=65",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201604/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201604/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1199",
        "datePublished": "2016-04-30T10:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5665 (GCVE-0-2015-5665)

    Vulnerability from nvd – Published: 2015-10-27 01:00 – Updated: 2024-08-06 06:59
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=63 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN97278546/index.html third-party-advisoryx_refsource_JVN
    https://www.ec-cube.net/info/weakness/201510_01/ x_refsource_CONFIRM
    Date Public
    2015-10-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:59:03.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
              },
              {
                "name": "JVNDB-2015-000166",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
              },
              {
                "name": "JVN#97278546",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/info/weakness/201510_01/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-10-27T01:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
            },
            {
              "name": "JVNDB-2015-000166",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
            },
            {
              "name": "JVN#97278546",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ec-cube.net/info/weakness/201510_01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2015-5665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=63",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
                },
                {
                  "name": "JVNDB-2015-000166",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
                },
                {
                  "name": "JVN#97278546",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN97278546/index.html"
                },
                {
                  "name": "https://www.ec-cube.net/info/weakness/201510_01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.ec-cube.net/info/weakness/201510_01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2015-5665",
        "datePublished": "2015-10-27T01:00:00.000Z",
        "dateReserved": "2015-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:59:03.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0808 (GCVE-0-2014-0808)

    Vulnerability from nvd – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Summary
    Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Authorization Bypass Through User-Controlled Key
    • CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
    Assigner
    Impacted products
    Vendor Product Version
    EC-CUBE CO.,LTD. EC-CUBE Affected: 2.11.0 through 2.12.2
    Create a notification for this product.
    S‑cubism Inc. EC-Orange Affected: systems deployed before June 29th
    Affected: 2015
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:04:20.266694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-566",
                    "description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:07:16.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN51770585/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ec-orange.jp/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN15637138/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EC-CUBE",
              "vendor": "EC-CUBE CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.11.0 through 2.12.2"
                }
              ]
            },
            {
              "product": "EC-Orange",
              "vendor": "S\u2011cubism Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "systems deployed before June 29th"
                },
                {
                  "status": "affected",
                  "version": "2015"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users\u0027 information by sending a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T05:17:08.940Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
            },
            {
              "url": "http://jvn.jp/en/jp/JVN51770585/"
            },
            {
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
            },
            {
              "url": "https://ec-orange.jp/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN15637138/"
            },
            {
              "url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-0808",
        "datePublished": "2014-01-22T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0807 (GCVE-0-2014-0807)

    Vulnerability from nvd – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Summary
    data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=56 x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN17849447/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005 third-party-advisoryx_refsource_JVNDB
    Date Public
    2014-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
              },
              {
                "name": "JVN#17849447",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
              },
              {
                "name": "JVNDB-2014-000005",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-22T21:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
            },
            {
              "name": "JVN#17849447",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
            },
            {
              "name": "JVNDB-2014-000005",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-0807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=56",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
                },
                {
                  "name": "JVN#17849447",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN17849447/index.html"
                },
                {
                  "name": "JVNDB-2014-000005",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-0807",
        "datePublished": "2014-01-22T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5996 (GCVE-0-2013-5996)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN06377589/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=55 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23275 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2013-000107",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
              },
              {
                "name": "JVN#06377589",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2013-000107",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
            },
            {
              "name": "JVN#06377589",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5996",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2013-000107",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
                },
                {
                  "name": "JVN#06377589",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06377589/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23275",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23275"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5996",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5995 (GCVE-0-2013-5995)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN55630933/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=51 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23274 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#55630933",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
              },
              {
                "name": "JVNDB-2013-000106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#55630933",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
            },
            {
              "name": "JVNDB-2013-000106",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#55630933",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55630933/index.html"
                },
                {
                  "name": "JVNDB-2013-000106",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23274",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23274"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5995",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5994 (GCVE-0-2013-5994)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN06870202/index.html third-party-advisoryx_refsource_JVN
    http://svn.ec-cube.net/open_trac/changeset/23278 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=52 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#06870202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
              },
              {
                "name": "JVNDB-2013-000098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#06870202",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
            },
            {
              "name": "JVNDB-2013-000098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#06870202",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN06870202/index.html"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23278",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23278"
                },
                {
                  "name": "JVNDB-2013-000098",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=52",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5994",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5993 (GCVE-0-2013-5993)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN11221613/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097 third-party-advisoryx_refsource_JVNDB
    http://www.ec-cube.net/info/weakness/weakness.php?id=53 x_refsource_CONFIRM
    http://svn.ec-cube.net/open_trac/changeset/23277 x_refsource_CONFIRM
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#11221613",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
              },
              {
                "name": "JVNDB-2013-000097",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#11221613",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
            },
            {
              "name": "JVNDB-2013-000097",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5993",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#11221613",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN11221613/index.html"
                },
                {
                  "name": "JVNDB-2013-000097",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=53",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/23277",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/23277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5993",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5992 (GCVE-0-2013-5992)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ec-cube.net/info/weakness/weakness.php?id=54 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN38790987/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
              },
              {
                "name": "JVNDB-2013-000105",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
              },
              {
                "name": "JVN#38790987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
            },
            {
              "name": "JVNDB-2013-000105",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
            },
            {
              "name": "JVN#38790987",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
                },
                {
                  "name": "JVNDB-2013-000105",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
                },
                {
                  "name": "JVN#38790987",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN38790987/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5992",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5991 (GCVE-0-2013-5991)

    Vulnerability from nvd – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN61077110/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=54 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104 third-party-advisoryx_refsource_JVNDB
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:41.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#61077110",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
              },
              {
                "name": "JVNDB-2013-000104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#61077110",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
            },
            {
              "name": "JVNDB-2013-000104",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-5991",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#61077110",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN61077110/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
                },
                {
                  "name": "JVNDB-2013-000104",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-5991",
        "datePublished": "2013-11-21T02:00:00.000Z",
        "dateReserved": "2013-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:41.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4702 (GCVE-0-2013-4702)

    Vulnerability from nvd – Published: 2013-08-30 21:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/96756 vdb-entryx_refsource_OSVDB
    http://jvn.jp/en/jp/JVN15973066/index.html third-party-advisoryx_refsource_JVN
    http://www.ec-cube.net/info/weakness/weakness.php?id=50 x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081 third-party-advisoryx_refsource_JVNDB
    http://svn.ec-cube.net/open_trac/changeset/22891 x_refsource_CONFIRM
    http://www.ec-cube.net/info/weakness/20130829/index.php x_refsource_CONFIRM
    Date Public
    2013-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.004Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96756",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/96756"
              },
              {
                "name": "JVN#15973066",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
              },
              {
                "name": "JVNDB-2013-000081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-12T09:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "96756",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/96756"
            },
            {
              "name": "JVN#15973066",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
            },
            {
              "name": "JVNDB-2013-000081",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-4702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96756",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/96756"
                },
                {
                  "name": "JVN#15973066",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN15973066/index.html"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=50",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
                },
                {
                  "name": "JVNDB-2013-000081",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/22891",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/22891"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/20130829/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-4702",
        "datePublished": "2013-08-30T21:00:00.000Z",
        "dateReserved": "2013-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.004Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3653 (GCVE-0-2013-3653)

    Vulnerability from nvd – Published: 2013-06-29 16:00 – Updated: 2024-09-16 16:28
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:56.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
              },
              {
                "name": "JVN#98665228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN98665228/index.html"
              },
              {
                "name": "JVNDB-2013-000064",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/22861"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-06-29T16:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
            },
            {
              "name": "JVN#98665228",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN98665228/index.html"
            },
            {
              "name": "JVNDB-2013-000064",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/22861"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-3653",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=46",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
                },
                {
                  "name": "JVN#98665228",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN98665228/index.html"
                },
                {
                  "name": "JVNDB-2013-000064",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/22861",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/22861"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-3653",
        "datePublished": "2013-06-29T16:00:00.000Z",
        "dateReserved": "2013-05-22T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:53.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3652 (GCVE-0-2013-3652)

    Vulnerability from nvd – Published: 2013-06-29 16:00 – Updated: 2024-09-17 04:24
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:56.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
              },
              {
                "name": "JVNDB-2013-000063",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.ec-cube.net/open_trac/changeset/22862"
              },
              {
                "name": "JVN#07192063",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN07192063/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-06-29T16:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
            },
            {
              "name": "JVNDB-2013-000063",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.ec-cube.net/open_trac/changeset/22862"
            },
            {
              "name": "JVN#07192063",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN07192063/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2013-3652",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
                },
                {
                  "name": "JVNDB-2013-000063",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
                },
                {
                  "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=47",
                  "refsource": "CONFIRM",
                  "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
                },
                {
                  "name": "http://svn.ec-cube.net/open_trac/changeset/22862",
                  "refsource": "CONFIRM",
                  "url": "http://svn.ec-cube.net/open_trac/changeset/22862"
                },
                {
                  "name": "JVN#07192063",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN07192063/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2013-3652",
        "datePublished": "2013-06-29T16:00:00.000Z",
        "dateReserved": "2013-05-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:01.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }