Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ec-cube | Lockon | 2.11.2 | 2.11.2 |
Ec-cube | Lockon | 2.11.0 | 2.11.0 |
Ec-cube | Lockon | 2.11.3 | 2.11.3 |
Ec-cube | Lockon | 2.11.5 | 2.11.5 |
Ec-cube | Lockon | 2.11.4 | 2.11.4 |
Ec-cube | Lockon | 2.11.1 | 2.11.1 |