PT-2013-3659 · Lockon · Lockon Ec-Cube

Habu · Published 2013-05-29 · Updated 2013-05-30 · CVE-2013-2315

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LOCKON EC-CUBE versions 2.11.0 through 2.12.3enP2

Description

The issue concerns the password reminder function in LOCKON EC-CUBE, where input is not properly validated. This allows remote attackers to obtain sensitive information by sending a crafted request.

Recommendations

For versions 2.11.0 through 2.12.3enP2, consider disabling the password reminder function until a proper validation mechanism is implemented to prevent exploitation. Restrict access to the forgot password feature to minimize the risk of sensitive information disclosure.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-2315

Affected Products

Lockon Ec-Cube