CVE-2013-2315

🗓️ 29 May 2013 19:00:00Reported by jpcertType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2013-2315	29 May 201319:00	–	cvelist
EUVD	EUVD-2013-2261	7 Oct 202500:30	–	euvd
Japan Vulnerability Notes	JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking	23 May 201300:00	–	jvn
Japan Vulnerability Notes	EC-CUBE vulnerable to information disclosure as a result of improper input checking	23 May 201306:46	–	jvn
NVD	CVE-2013-2315	29 May 201319:55	–	nvd
Prion	Design/Logic Flaw	29 May 201319:55	–	prion
RedhatCVE	CVE-2013-2315	22 May 202504:39	–	redhatcve

NVD

Node

lockon ec-cubeMatch2.11.0

lockon ec-cubeMatch2.11.1

lockon ec-cubeMatch2.11.2

lockon ec-cubeMatch2.11.3

lockon ec-cubeMatch2.11.4

lockon ec-cubeMatch2.11.5

Node

lockon ec-cubeMatch2.12.0

lockon ec-cubeMatch2.12.1

lockon ec-cubeMatch2.12.2

lockon ec-cubeMatch2.12.3

lockon ec-cubeMatch2.12.3en

lockon ec-cubeMatch2.12.3enp1

lockon ec-cubeMatch2.12.3enp2

Source	Link
jvn	www.jvn.jp/en/jp/JVN39699406/index.html
svn	www.svn.ec-cube.net/open_trac/changeset/22580
ec-cube	www.ec-cube.net/info/weakness/weakness.php
jvndb	www.jvndb.jvn.jp/jvndb/JVNDB-2013-000044

Parameter	Position	Path	Description	CWE
email	request body	data/class/pages/forgot/LC_Page_Forgot.php	Sensitive information disclosure via tampered password reminder input.	CWE-20

29 Apr 2026 01:13Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25

EPSS0.00319

CWE-20