Arbitrary Image File Read Vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4

Arbitrary Image File Read Vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4

CVE-2013-3654 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.

Learn more about our Web Application Penetration Testing UK.