CVE-2013-2315

2022-10-0316:15:02

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-2315

lockon

ec-cube

information security

validation

remote attack

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.

Affected configurations

NVD

Node

lockonec-cubeMatch2.11.0

lockonec-cubeMatch2.11.1

lockonec-cubeMatch2.11.2

lockonec-cubeMatch2.11.3

lockonec-cubeMatch2.11.4

lockonec-cubeMatch2.11.5

Node

lockonec-cubeMatch2.12.0

lockonec-cubeMatch2.12.1

lockonec-cubeMatch2.12.2

lockonec-cubeMatch2.12.3

lockonec-cubeMatch2.12.3en

lockonec-cubeMatch2.12.3enp1

lockonec-cubeMatch2.12.3enp2

CPENameOperatorVersion
lockon:ec-cubelockon ec-cubeeq2.11.0
lockon:ec-cubelockon ec-cubeeq2.11.1
lockon:ec-cubelockon ec-cubeeq2.11.2
lockon:ec-cubelockon ec-cubeeq2.11.3
lockon:ec-cubelockon ec-cubeeq2.11.4
lockon:ec-cubelockon ec-cubeeq2.11.5

CPE	Name	Operator	Version
lockon:ec-cube	lockon ec-cube	eq	2.11.0
lockon:ec-cube	lockon ec-cube	eq	2.11.1
lockon:ec-cube	lockon ec-cube	eq	2.11.2
lockon:ec-cube	lockon ec-cube	eq	2.11.3
lockon:ec-cube	lockon ec-cube	eq	2.11.4
lockon:ec-cube	lockon ec-cube	eq	2.11.5