CVE-2013-3650

Name of the Vulnerable Software and Affected Versions LOCKON EC-CUBE versions prior to 2.12.5

Description A directory traversal issue exists in the lfCheckFileName function, allowing remote attackers to read arbitrary image files. This is achieved through vectors involving the image parameter to "resize image.php".

Recommendations For versions prior to 2.12.5, update to version 2.12.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "resize image.php" endpoint until the update is applied. Avoid using the image parameter in the affected endpoint until the issue is resolved.