PT-2013-3659 · Lockon · Lockon Ec-Cube

Habu

·

Published

2013-05-29

·

Updated

2013-05-30

·

CVE-2013-2315

CVSS v2.0

5.0

Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LOCKON EC-CUBE versions 2.11.0 through 2.12.3enP2

Description: The issue concerns the password reminder function in LOCKON EC-CUBE, where input is not properly validated. This allows remote attackers to obtain sensitive information by sending a crafted request.

Recommendations: For versions 2.11.0 through 2.12.3enP2, consider disabling the password reminder function until a proper validation mechanism is implemented to prevent exploitation. Restrict access to the forgot password feature to minimize the risk of sensitive information disclosure.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-2315

Affected Products

Lockon Ec-Cube