2 matches found
CVE-2015-5665
Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function...
CVE-2015-5665
LOCKON EC-CUBE is affected by a CSRF vulnerability (CWE-352) affecting versions 2.11.0 through 2.13.3 (some sources list up to 2.13.4). The flaw enables an attacker to hijack the authentication of arbitrary users by inducing requests that write to PHP scripts, tied to the doValidToken function. I...