Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LOCKON EC-CUBE‘lfCheckError’函数安全漏洞
Vulnerability Description
LOCKON EC-CUBE是日本LOCKON公司开发的一套开源的电子商务网站构建平台。该平台支持商品登录、用户评价、美工布局等。 LOCKON EC-CUBE 2.11.0至2.12.2版本中的data/class/pages/shopping/LC_Page_Shopping_Multiple.php文件中的‘lfCheckError’函数中存在安全漏洞。远程攻击者可利用该漏洞获取敏感的发货信息。
CVSS Information
N/A
Vulnerability Type
N/A