PT-2013-5905 · Lockon · Ec-Cube
Gen Sato · Published 2013-11-21 · Updated 2013-11-21 · CVE-2013-5994
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
LOCKON EC-CUBE versions 2.11.2 through 2.13.0
Description
The issue allows remote attackers to obtain sensitive information via a direct request to a specific page, which reveals the full path in an error message. This occurs in the data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php file.
Recommendations
For versions 2.11.2 through 2.13.0, consider restricting access to the LC_Page_Mypage_DeliveryAddr.php file until a patch is available. As a temporary workaround, avoid using direct requests to this page to minimize the risk of sensitive information disclosure.
Information Disclosure
Affected Products
Ec-Cube