CVE-2013-5994

Name of the Vulnerable Software and Affected Versions LOCKON EC-CUBE versions 2.11.2 through 2.13.0

Description The issue allows remote attackers to obtain sensitive information via a direct request to a specific page, which reveals the full path in an error message. This occurs in the data/class/pages/mypage/LC Page Mypage DeliveryAddr.php file.

Recommendations For versions 2.11.2 through 2.13.0, consider restricting access to the LC Page Mypage DeliveryAddr.php file until a patch is available. As a temporary workaround, avoid using direct requests to this page to minimize the risk of sensitive information disclosure.