Software Detail
EC-CUBE Number of NVD: 50 (CRITICAL 0, HIGH 10, MEDIUM 39, LOW 1)
URL https://www.ec-cube.net/
Explanation: This is a Japanese-made CMS for building e-commerce sites.
It is currently supported in three versions: Series 2, Series 3, and Series 4.
Support for Series 2 was scheduled to end with the release of Series 3, but due to the large number of users, support has been extended.

With the Cloud version, you can use EC-CUBE right away without having to prepare a server.
Tag
  • GPL v2
  • Open source

Add Information URL
No Type Name URL
1 https://www.ec-cube.net/press/detail.php?press_id=212
2 https://www.ec-cube.net/download/
3 https://www.ec-cube.net/news/detail.php?news_id=84
4 https://github.com/EC-CUBE/ec-cube3
5 https://github.com/EC-CUBE/ec-cube2

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support / Service Pack Support Extended (for a fee) Critical High Medium Low
31 EC-CUBE 4 4.3.1-p1 March 4, 2026 Oct. 11, 2018 0 3 8 1
32 EC-CUBE 3 3.0.18 July 5, 2019 July 1, 2015 0 5 7 1
33 EC-CUBE 2 2.13.5-p2 Aug. 17, 2023 Dec. 4, 2007 0 4 27 0
34 EC-CUBE 1 1.4.0 Oct. 1, 2008 Feb. 14, 2007 Nov. 6, 2008 0 2 9 0
NVD Vulnerability Information
No CVSS3 / CVSS2 Level / Attack Vector Title CWE CVE cpe23Uri (or higher, or less, more than, less than) Update date / Published date Show Affected Exploit / PoC Search
31 -
4.3
MEDIUM The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log … CWE-200
Information Exposure
CVE-2013-5991 cpe:2.3:a:lockon:ec-cube:2.11.5:*
cpe:2.3:a:lockon:ec-cube:2.11.4:*
cpe:2.3:a:lockon:ec-cube:2.11.3:*
cpe:2.3:…
2024-11-21 10:58
2013-11-21
32 -
5.0
MEDIUM Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit… CWE-22
Path Traversal
CVE-2013-4702 cpe:2.3:a:lockon:ec-cube:2.12.5en:*
cpe:2.3:a:lockon:ec-cube:2.12.5:*
cpe:2.3:a:lockon:ec-cube:2.12.4en:*
cpe:…
2024-11-21 10:56
2013-08-31
33 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site Scripting
CVE-2013-3653 cpe:2.3:a:lockon:ec-cube:2.12.3:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*
cpe:2.3:a:lockon:ec-cube:2.12.1:*
cpe:2.3:…
2.12.4 2024-11-21 10:54
2013-07-1
34 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML … CWE-79
Cross-site Scripting
CVE-2013-3652 cpe:2.3:a:lockon:ec-cube:2.12.4:*
cpe:2.3:a:lockon:ec-cube:2.12.3:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*
cpe:2.3:…
2024-11-21 10:54
2013-07-1
35 -
5.0
MEDIUM Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_F… CWE-22
Path Traversal
CVE-2013-3654 cpe:2.3:a:lockon:ec-cube:2.12.4:*
cpe:2.3:a:lockon:ec-cube:2.12.3:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*
cpe:2.3:…
2024-11-21 10:54
2013-07-1
36 -
7.5
HIGH LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormPara… CWE-94
Code Injection
CVE-2013-3651 cpe:2.3:a:lockon:ec-cube:2.12.4:*
cpe:2.3:a:lockon:ec-cube:2.12.3:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*
cpe:2.3:…
2024-11-21 10:54
2013-07-1
37 -
5.0
MEDIUM Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via… CWE-22
Path Traversal
CVE-2013-3650 cpe:2.3:a:lockon:ec-cube:2.12.3:*
cpe:2.3:a:lockon:ec-cube:2.12.2:*
cpe:2.3:a:lockon:ec-cube:2.12.1:*
cpe:2.3:…
2.12.4 2024-11-21 10:54
2013-07-1
38 -
5.0
MEDIUM data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain … CWE-20
Improper Input Validation
CVE-2013-2315 cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*
cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*
cpe:2.3:a:lockon:ec-cube:2.12.3en:*
2024-11-21 10:51
2013-05-30
39 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject ar… CWE-79
Cross-site Scripting
CVE-2013-2314 cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*
cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*
cpe:2.3:a:lockon:ec-cube:2.12.3en:*
2024-11-21 10:51
2013-05-30
40 -
4.0
MEDIUM Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors. CWE-287
Improper Authentication
CVE-2013-2313 cpe:2.3:a:lockon:ec-cube:2.12.3enp2:*
cpe:2.3:a:lockon:ec-cube:2.12.3enp1:*
cpe:2.3:a:lockon:ec-cube:2.12.3en:*
2024-11-21 10:51
2013-05-30