Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 up to and including 2.13.3 allows remote malicious users to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
Vulnerable Product |
---|
lockon ec-cube 2.11.0 |
lockon ec-cube 2.11.1 |
lockon ec-cube 2.12.1 |
lockon ec-cube 2.12.0 |
lockon ec-cube 2.12.2 |
lockon ec-cube 2.12.3 |
lockon ec-cube 2.11.3 |
lockon ec-cube 2.11.5 |
lockon ec-cube 2.12.5 |
lockon ec-cube 2.13.0 |
lockon ec-cube 2.13.2 |
lockon ec-cube 2.11.2 |
lockon ec-cube 2.11.4 |
lockon ec-cube 2.12.6 |
lockon ec-cube 2.13.1 |