CVE-2013-2315

EPSS 0.32%
Veröffentlicht 29.05.2013 19:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lockon ≫ Ec-cube Version2.11.0

Lockon ≫ Ec-cube Version2.11.1

Lockon ≫ Ec-cube Version2.11.2

Lockon ≫ Ec-cube Version2.11.3

Lockon ≫ Ec-cube Version2.11.4

Lockon ≫ Ec-cube Version2.11.5

Lockon ≫ Ec-cube Version2.12.0

Lockon ≫ Ec-cube Version2.12.1

Lockon ≫ Ec-cube Version2.12.2

Lockon ≫ Ec-cube Version2.12.3

Lockon ≫ Ec-cube Version2.12.3en

Lockon ≫ Ec-cube Version2.12.3enp1

Lockon ≫ Ec-cube Version2.12.3enp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.519

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://jvn.jp/en/jp/JVN39699406/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044

http://svn.ec-cube.net/open_trac/changeset/22580

http://www.ec-cube.net/info/weakness/weakness.php?id=43

https://nvd.nist.gov/vuln/detail/CVE-2013-2315

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2315

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2315

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-2315