Lockon · Lockon Ec-Cube · CVE-2013-2315
**Name of the Vulnerable Software and Affected Versions**
LOCKON EC-CUBE versions 2.11.0 through 2.12.3enP2
**Description**
The password reminder function in LOCKON EC-CUBE does not properly validate input. This allows remote attackers to obtain sensitive information by sending a crafted request.
**Recommendations**
For versions 2.11.0 through 2.12.3enP2, consider disabling the password reminder function until a proper validation mechanism is implemented to prevent exploitation. Restrict access to the forgot-password feature to minimize the risk of sensitive information disclosure.